hijacked??


hijacked??

Post by robotkilla101010 on Wed Jan 09, 2013 6:56 pm

Hi Guys,

I think I have a virus / Trojan!!

My internet connection runs really slow at times. There are 1,000s of packets being received and sent in very short sessions.
There is a Gupdate that runs every hour!
I think my anti-virus has been disabled!

My homepage may have changed too.

Your help is greatly appreciated.

Thanks in advance.

RK

robotkilla101010
Novice

Posts : 16
Joined : 2013-01-09
OS : xp

Re: hijacked??

Post by Dr Jay on Wed Jan 09, 2013 7:20 pm

Hi there!

ComboFix scan

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: hijacked??

Post by robotkilla101010 on Wed Jan 09, 2013 7:47 pm

Log as requested.

ComboFix 13-01-08.01 - Laptop User 09/01/2013 19:38:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3574.2519 [GMT 0:00]
Running from: c:\documents and settings\Laptop User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Laptop User\Application Data\inst.exe
c:\documents and settings\Laptop User\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\bass.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Laptop User\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Laptop User\Application Data\vso_ts_preview.xml
c:\documents and settings\Laptop User\WINDOWS
c:\program files\15307_01.exe
c:\windows\system\VI30AUT.DLL
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 05:19 . 2013-01-09 05:19 -------- d-----w- c:\documents and settings\Mrs Snoozlepotts\Application Data\Malwarebytes
2012-12-13 21:41 . 2012-12-13 21:41 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2004-08-12 13:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-12 13:20 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-12 13:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-12 13:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-01-28 22:49 . 2009-01-28 22:49 22260008 -c--a-w- c:\program files\SkypeSetup.exe
2012-01-12 05:34 . 2012-01-12 05:34 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-05-18 14:22 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-05-18 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-05-26 10:03 2346192 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 18:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 16:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 16:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-07-25 15:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-07-25 15:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-31 12:13 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-05-18 16:25 323584 ------w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 16:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-02 04:56 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 13:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 11:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-31 02:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1c99377942a6a2e"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Cisco Packet Tracer 5.3\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Laptop User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [27/03/2007 15:46 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/08/2008 14:09 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/08/2008 14:09 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/09/2008 11:05 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2008 11:05 297752]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/08/2008 17:19 108032]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [08/08/2008 14:23 37296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/03/2012 11:58 20464]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/08/2004 13:30 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28/08/2009 00:07 47360]
S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/03/2012 11:58 652360]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [01/02/2006 23:49 204800]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - klmd21
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Fotofox: [You must be registered and logged in to see this link.] - %profile%\extensions\fotofox@mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: GoogleTube: [You must be registered and logged in to see this link.] - %profile%\extensions\googletube@googletube.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: CSS Validator: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09} - %profile%\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: ImageBot: {55009080-176f-11da-8cd6-0800200c9a66} - %profile%\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Font Finder: [You must be registered and logged in to see this link.] - %profile%\extensions\fontfinder@bendodson.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-01-09 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1292428093-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-01-09 19:45:08
ComboFix-quarantined-files.txt 2013-01-09 19:44
.
Pre-Run: 13,958,115,328 bytes free
Post-Run: 14,217,465,856 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E8237F621490C27CC68BB57B8FC4128F

robotkilla101010
Novice

Posts : 16
Joined : 2013-01-09
OS : xp
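A log like the one posted above is normally read by eye, starting with the autostart locations: the services/drivers list (the `R0`..`S4` lines), the `Run` keys and the Scheduled Tasks folder. As an added example (not ComboFix's code and not something from this thread), the Python below parses those three kinds of line and flags the two things a reviewer looks at first: entries whose path ComboFix printed with a trailing `[?]` (treated here as "file not found at scan time", which can mean a stale registration for removed hardware, as with the Huawei drivers above, or a file that no longer exists) and autostarts that point into user-writable profile directories such as Application Data, where the `inst.exe` and random-named DLLs in the "Other Deletions" section lived. The regular expressions, the reading of `[?]`, and the one `examplesvc` sample line are assumptions of this example; the other sample lines are copied from the posted log.

```python
"""Triage helper for the services/drivers, Run-key and Scheduled Tasks lines
of a ComboFix log.  Added example; not part of ComboFix or of the thread."""
import re
from dataclasses import dataclass, field

# Service/driver lines:  "S2 name;display name;command [dd/mm/yyyy hh:mm size]"
# or, when ComboFix could not find the file:  "...;command --> command [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Run-key style lines:  "NAME"="path" [yyyy-mm-dd size]
RUNKEY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]$')
# Scheduled-task pair: a dated ".job" line followed by "- target [stamp]"
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")

# Directories an ordinary user account can write to; persistence that points
# here is worth a second look (assumption: a triage heuristic, not a verdict).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    kind: str            # "service", "runkey" or "task"
    name: str
    path: str            # command line or target path as ComboFix printed it
    start: str = ""      # R0..S4 start type, services only
    flags: list = field(default_factory=list)


def _flag(entry: Entry, file_not_found: bool) -> None:
    """Attach the triage flags this example checks for."""
    if file_not_found:
        entry.flags.append("file-not-found")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        entry.flags.append("user-writable-location")


def parse_combofix(lines):
    """Return one Entry per autostart item found in the given log lines."""
    entries = []
    pending_job = None
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith("[?]")
            # The command is everything before " --> " (missing-file form) or
            # before the trailing " [date size]" block (normal form).
            command = rest.split(" --> ")[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
            e = Entry("service", m.group("name"), command, m.group("start"))
            _flag(e, missing)
            entries.append(e)
            continue
        m = RUNKEY_RE.match(line)
        if m:
            e = Entry("runkey", m.group("name"), m.group("path"))
            _flag(e, False)
            entries.append(e)
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")   # remember the .job until its target line
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_job:
            e = Entry("task", pending_job, m.group("path"))
            _flag(e, False)
            entries.append(e)
            pending_job = None
    return entries


def flagged(entries):
    """Only the entries that raised at least one flag."""
    return [e for e in entries if e.flags]


def report(lines):
    """Human-readable summary lines for the flagged entries."""
    return [f"{e.kind:<8}{e.name:<24}{e.path}  [{', '.join(e.flags)}]"
            for e in flagged(parse_combofix(lines))]


SAMPLE_LOG = [
    # Lines copied from the ComboFix log posted above
    r"R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [27/03/2007 15:46 3456]",
    r"S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]",
    r"S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]",
    r"S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]",
    r'"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]',
    r"2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job",
    r"- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]",
    # Constructed line (NOT from the log): a Run entry pointing into the user
    # profile, modelled on the inst.exe path listed under "Other Deletions"
    r'"examplesvc"="c:\documents and settings\Laptop User\Application Data\inst.exe" [2013-01-01 1234]',
]

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the sample, the two Huawei/dopewars entries are flagged only because their files are absent; that is common for uninstalled software and is a prompt to check, not evidence of infection. The constructed `examplesvc` line shows the flag that matters more: an autostart living under Application Data, the same location ComboFix cleaned in the first run. The `gupdate` service and the GoogleUpdateTaskMachineUA task, which the original poster asked about, parse cleanly and raise nothing, since both point at the stock Google Update path under Program Files.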

Re: hijacked??

Post by Dr Jay on Wed Jan 09, 2013 10:26 pm

TDSSKiller Scan

Please download [You must be registered and logged in to see this link.] to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 12:41 am

Hi DMJ,

I just saw a "GoogleUpdateTaskMachineUA" disabled in the Scheduled Tasks folder.

Should I enable this and re-run ComboFix first??
And post the new log?
Before running TDSSKiller??

robotkilla101010
Novice

Posts : 16
Joined : 2013-01-09
OS : xp

Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 2:35 am

I enabled that suspicious-looking Google update and restarted.

I ran ComboFix again; here is the revised printout.

ComboFix 13-01-08.01 - Laptop User 10/01/2013 1:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3574.2928 [GMT 0:00]
Running from: c:\documents and settings\Laptop User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-09 05:19 . 2013-01-09 05:19 -------- d-----w- c:\documents and settings\Mrs Snoozlepotts\Application Data\Malwarebytes
2012-12-13 21:41 . 2012-12-13 21:41 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2004-08-12 13:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-12 13:20 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-12 13:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-12 13:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-01-28 22:49 . 2009-01-28 22:49 22260008 -c--a-w- c:\program files\SkypeSetup.exe
2012-01-12 05:34 . 2012-01-12 05:34 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-05-18 14:22 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-05-18 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-05-26 10:03 2346192 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 18:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 16:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 16:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-07-25 15:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-07-25 15:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-31 12:13 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-05-18 16:25 323584 ------w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 16:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-02 04:56 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 13:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 11:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-31 02:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1c99377942a6a2e"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Cisco Packet Tracer 5.3\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Laptop User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [27/03/2007 15:46 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/08/2008 14:09 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/08/2008 14:09 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/09/2008 11:05 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2008 11:05 297752]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/08/2008 17:19 108032]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [08/08/2008 14:23 37296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/03/2012 11:58 20464]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/08/2004 13:30 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28/08/2009 00:07 47360]
S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/03/2012 11:58 652360]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [01/02/2006 23:49 204800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Fotofox: [You must be registered and logged in to see this link.] - %profile%\extensions\fotofox@mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: GoogleTube: [You must be registered and logged in to see this link.] - %profile%\extensions\googletube@googletube.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: CSS Validator: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09} - %profile%\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: ImageBot: {55009080-176f-11da-8cd6-0800200c9a66} - %profile%\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Font Finder: [You must be registered and logged in to see this link.] - %profile%\extensions\fontfinder@bendodson.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-01-10 01:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1292428093-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-01-10 01:43:16
ComboFix-quarantined-files.txt 2013-01-10 01:43
ComboFix2.txt 2013-01-09 19:45
.
Pre-Run: 14,183,833,600 bytes free
Post-Run: 14,166,687,744 bytes free
.
- - End Of File - - 502810B7AE0F5C2E1F7C28D471C228C5

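The ComboFix log above is long, and the lines that actually matter for the "am I hijacked?" question are a handful: Run-key values, the `R`/`S` service and driver lines, and the entries ComboFix tags with `[?]` because it could not find the image file on disk. The following parser is an added example for this thread, not ComboFix code and not part of the original post. It assumes the usual reading of ComboFix's service lines (leading `R` = running, `S` = stopped, the digit is the Windows start type, a trailing `[?]` means the file could not be stat'ed). The `SAMPLE` text is constructed in ComboFix's format: most lines are modelled on entries visible in the posted log, while the `"Updater"` line is invented purely so that a flag fires.

```python
"""Triage helper for the 'Reg Loading Points' and services sections of a
ComboFix log.  Added example; not ComboFix code.  SAMPLE is constructed:
the "Updater" line is invented to show a flag firing."""
import re

# Assumed reading of ComboFix's service/driver lines: leading letter R = running,
# S = stopped; the digit is the Windows start type; a trailing "[?]" means
# ComboFix could not stat the image file on disk.
START_TYPE = {'0': 'boot', '1': 'system', '2': 'auto', '3': 'demand', '4': 'disabled'}
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# Run-key value lines look like: "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
USER_PROFILE_RE = re.compile(r'^c:\\documents and settings\\', re.I)
# Names that normally live under c:\windows; the same name elsewhere is a classic masquerade.
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}

# Constructed sample in ComboFix's format (not the poster's full log; the
# "Updater" value is invented and does not appear in the posted log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
"Updater"="c:\documents and settings\Owner\Application Data\svchost.exe" [2013-01-08 45056]
.
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/08/2008 14:09 108552]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
"""


def _strip_stamp(rest):
    """Drop the trailing ' [date size]' or ' [?]' annotation from a path field."""
    return re.sub(r'\s*\[[^\]]*\]$', '', rest).strip()


def parse_services(text):
    """Return one dict per service/driver line."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest').rstrip()
        missing = rest.endswith('[?]')
        # On a "[?]" line ComboFix repeats the path after ' --> '; keep the first copy.
        path = rest.split(' --> ', 1)[0] if ' --> ' in rest else _strip_stamp(rest)
        out.append({'kind': 'service', 'name': m.group('name'),
                    'state': 'running' if m.group('state') == 'R' else 'stopped',
                    'start': START_TYPE[m.group('start')],
                    'path': path.strip(), 'file_missing': missing})
    return out


def parse_run_keys(text):
    """Return one dict per Run-key value line."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append({'kind': 'run', 'name': m.group('name'), 'path': m.group('path'),
                        'date': m.group('date'), 'size': int(m.group('size')),
                        'file_missing': False})
    return out


def flag(entry):
    """Heuristic review prompts for one autostart entry (prompts, not verdicts)."""
    reasons = []
    path = entry['path'].lower()
    exe = path.rsplit('\\', 1)[-1].split(' ')[0]   # basename without arguments
    if entry['file_missing']:
        reasons.append('image file not found on disk')
    if USER_PROFILE_RE.match(path):
        reasons.append('autostart from a user-profile directory')
    if exe in SYSTEM_NAMES and not path.startswith('c:\\windows\\'):
        reasons.append('system binary name outside c:\\windows (possible masquerade)')
    return reasons


def triage(text):
    """Return (name, reason) pairs for every entry that trips a heuristic."""
    findings = []
    for entry in parse_run_keys(text) + parse_services(text):
        for reason in flag(entry):
            findings.append((entry['name'], reason))
    return findings


if __name__ == '__main__':
    for name, reason in triage(SAMPLE):
        print(f'{name}: {reason}')
```

The flags are prompts to look closer, not verdicts: in the poster's own log, Dropbox autostarts from the user profile and is legitimate, and the `[?]` entries belong to Huawei modem drivers and a disabled dopewars server whose files are simply gone. The Google Update task the poster noticed is visible in the Scheduled Tasks section as `GoogleUpdateTaskMachineCore`/`UA` pointing at `c:\program files\Google\Update\GoogleUpdate.exe`, which is where that updater normally lives.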

Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 2:42 am

I ran TDSSKiller.

It found no threats, just unsigned files, 17 in all. The Oracle and WAMP ones are OK; I use them for testing Joomla sites on the local machine.

Here's the log:


02:18:57.0984 0572 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:18:58.0359 0572 ============================================================
02:18:58.0359 0572 Current date / time: 2013/01/10 02:18:58.0359
02:18:58.0359 0572 SystemInfo:
02:18:58.0359 0572
02:18:58.0359 0572 OS Version: 5.1.2600 ServicePack: 3.0
02:18:58.0359 0572 Product type: Workstation
02:18:58.0359 0572 ComputerName: DELL
02:18:58.0359 0572 UserName: Laptop User
02:18:58.0359 0572 Windows directory: C:\WINDOWS
02:18:58.0359 0572 System windows directory: C:\WINDOWS
02:18:58.0359 0572 Processor architecture: Intel x86
02:18:58.0359 0572 Number of processors: 1
02:18:58.0359 0572 Page size: 0x1000
02:18:58.0359 0572 Boot type: Normal boot
02:18:58.0359 0572 ============================================================
02:19:00.0250 0572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:19:00.0250 0572 ============================================================
02:19:00.0250 0572 \Device\Harddisk0\DR0:
02:19:00.0250 0572 MBR partitions:
02:19:00.0250 0572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
02:19:00.0250 0572 ============================================================
02:19:00.0296 0572 C: <-> \Device\Harddisk0\DR0\Partition1
02:19:00.0296 0572 ============================================================
02:19:00.0296 0572 Initialize success
02:19:00.0296 0572 ============================================================
02:20:02.0796 2080 ============================================================
02:20:02.0796 2080 Scan started
02:20:02.0796 2080 Mode: Manual; SigCheck; TDLFS;
02:20:02.0796 2080 ============================================================
02:20:03.0109 2080 ================ Scan system memory ========================
02:20:03.0812 2080 System memory - ok
02:20:03.0828 2080 ================ Scan services =============================
02:20:03.0921 2080 Abiosdsk - ok
02:20:03.0937 2080 abp480n5 - ok
02:20:04.0000 2080 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:20:04.0250 2080 ACPI - ok
02:20:04.0265 2080 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
02:20:04.0359 2080 ACPIEC - ok
02:20:04.0421 2080 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
02:20:04.0421 2080 adfs - ok
02:20:04.0437 2080 adpu160m - ok
02:20:04.0453 2080 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:20:04.0562 2080 aec - ok
02:20:04.0609 2080 [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
02:20:04.0640 2080 AegisP - ok
02:20:04.0687 2080 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
02:20:04.0718 2080 Afc ( UnsignedFile.Multi.Generic ) - warning
02:20:04.0718 2080 Afc - detected UnsignedFile.Multi.Generic (1)
02:20:04.0781 2080 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:20:04.0812 2080 AFD - ok
02:20:04.0828 2080 Aha154x - ok
02:20:04.0828 2080 aic78u2 - ok
02:20:04.0828 2080 aic78xx - ok
02:20:04.0890 2080 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:20:04.0984 2080 Alerter - ok
02:20:05.0031 2080 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
02:20:05.0140 2080 ALG - ok
02:20:05.0156 2080 AliIde - ok
02:20:05.0187 2080 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:20:05.0234 2080 AmdK8 - ok
02:20:05.0250 2080 amsint - ok
02:20:05.0312 2080 [ 27CD212830201E918C45EC458B96E652 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
02:20:05.0328 2080 AnyDVD ( UnsignedFile.Multi.Generic ) - warning
02:20:05.0328 2080 AnyDVD - detected UnsignedFile.Multi.Generic (1)
02:20:05.0359 2080 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:20:05.0484 2080 AppMgmt - ok
02:20:05.0546 2080 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:20:05.0656 2080 Arp1394 - ok
02:20:05.0656 2080 asc - ok
02:20:05.0671 2080 asc3350p - ok
02:20:05.0671 2080 asc3550 - ok
02:20:05.0843 2080 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:20:05.0859 2080 aspnet_state - ok
02:20:05.0859 2080 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:20:05.0984 2080 AsyncMac - ok
02:20:06.0000 2080 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:20:06.0125 2080 atapi - ok
02:20:06.0125 2080 Atdisk - ok
02:20:06.0140 2080 [ 1842B56B3D3F195C36F62708D266B95E ] atiide C:\WINDOWS\system32\DRIVERS\atiide.sys
02:20:06.0187 2080 atiide - ok
02:20:06.0218 2080 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:20:06.0328 2080 Atmarpc - ok
02:20:06.0359 2080 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:20:06.0468 2080 AudioSrv - ok
02:20:06.0515 2080 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:20:06.0640 2080 audstub - ok
02:20:06.0843 2080 [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc C:\PROGRA~1\AVG\AVG8\avgemc.exe
02:20:06.0875 2080 avg8emc - ok
02:20:06.0937 2080 [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
02:20:06.0968 2080 avg8wd - ok
02:20:07.0031 2080 [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
02:20:07.0046 2080 AvgLdx86 - ok
02:20:07.0078 2080 [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
02:20:07.0093 2080 AvgMfx86 - ok
02:20:07.0156 2080 [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
02:20:07.0156 2080 AvgTdiX - ok
02:20:07.0234 2080 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
02:20:07.0343 2080 BCM43XX - ok
02:20:07.0375 2080 [ 6489310D11971F6BA6C7F49BE0BAF6E0 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
02:20:07.0421 2080 bcm4sbxp - ok
02:20:07.0484 2080 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:20:07.0609 2080 Beep - ok
02:20:07.0671 2080 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
02:20:07.0812 2080 BITS - ok
02:20:07.0859 2080 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
02:20:07.0875 2080 Browser - ok
02:20:07.0906 2080 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
02:20:08.0031 2080 BthEnum - ok
02:20:08.0062 2080 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
02:20:08.0187 2080 BthPan - ok
02:20:08.0250 2080 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
02:20:08.0296 2080 BTHPORT - ok
02:20:08.0359 2080 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
02:20:08.0468 2080 BthServ - ok
02:20:08.0515 2080 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
02:20:08.0625 2080 BTHUSB - ok
02:20:08.0671 2080 [ 24B6F65F80EBE0111E7807769AE3D6C0 ] btusbflt C:\WINDOWS\system32\drivers\btusbflt.sys
02:20:08.0687 2080 btusbflt - ok
02:20:08.0812 2080 catchme - ok
02:20:08.0828 2080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:20:08.0968 2080 cbidf2k - ok
02:20:09.0015 2080 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:20:09.0125 2080 CCDECODE - ok
02:20:09.0125 2080 cd20xrnt - ok
02:20:09.0171 2080 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:20:09.0281 2080 Cdaudio - ok
02:20:09.0312 2080 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:20:09.0421 2080 Cdfs - ok
02:20:09.0437 2080 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:20:09.0562 2080 Cdrom - ok
02:20:09.0562 2080 Changer - ok
02:20:09.0609 2080 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:20:09.0703 2080 CiSvc - ok
02:20:09.0734 2080 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:20:09.0843 2080 ClipSrv - ok
02:20:09.0890 2080 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:20:09.0890 2080 clr_optimization_v2.0.50727_32 - ok
02:20:09.0906 2080 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
02:20:10.0015 2080 CmBatt - ok
02:20:10.0031 2080 CmdIde - ok
02:20:10.0062 2080 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
02:20:10.0171 2080 Compbatt - ok
02:20:10.0171 2080 COMSysApp - ok
02:20:10.0187 2080 Cpqarray - ok
02:20:10.0250 2080 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:20:10.0359 2080 CryptSvc - ok
02:20:10.0359 2080 dac2w2k - ok
02:20:10.0375 2080 dac960nt - ok
02:20:10.0437 2080 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:20:10.0531 2080 DcomLaunch - ok
02:20:10.0578 2080 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:20:10.0687 2080 Dhcp - ok
02:20:10.0718 2080 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:20:10.0828 2080 Disk - ok
02:20:10.0828 2080 dmadmin - ok
02:20:10.0890 2080 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:20:11.0000 2080 dmboot - ok
02:20:11.0046 2080 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:20:11.0156 2080 dmio - ok
02:20:11.0187 2080 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:20:11.0312 2080 dmload - ok
02:20:11.0359 2080 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:20:11.0468 2080 dmserver - ok
02:20:11.0531 2080 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:20:11.0640 2080 DMusic - ok
02:20:11.0671 2080 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:20:11.0734 2080 Dnscache - ok
02:20:11.0734 2080 dopewars-server - ok
02:20:11.0781 2080 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:20:11.0875 2080 Dot3svc - ok
02:20:11.0875 2080 dpti2o - ok
02:20:11.0906 2080 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:20:12.0031 2080 drmkaud - ok
02:20:12.0046 2080 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:20:12.0140 2080 EapHost - ok
02:20:12.0187 2080 [ C61C83501268B0110B5C5DB7E63DEE0C ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
02:20:12.0203 2080 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
02:20:12.0203 2080 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
02:20:12.0265 2080 [ 084A13F18856D610D44D3109A9D2ACDE ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
02:20:12.0281 2080 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
02:20:12.0281 2080 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
02:20:12.0328 2080 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:20:12.0437 2080 ERSvc - ok
02:20:12.0500 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
02:20:12.0546 2080 Eventlog - ok
02:20:12.0609 2080 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
02:20:12.0625 2080 EventSystem - ok
02:20:12.0718 2080 [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
02:20:12.0781 2080 EvtEng ( UnsignedFile.Multi.Generic ) - warning
02:20:12.0781 2080 EvtEng - detected UnsignedFile.Multi.Generic (1)
02:20:12.0796 2080 ewusbnet - ok
02:20:12.0796 2080 ew_hwusbdev - ok
02:20:12.0859 2080 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:20:12.0968 2080 Fastfat - ok
02:20:13.0015 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:20:13.0046 2080 FastUserSwitchingCompatibility - ok
02:20:13.0062 2080 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:20:13.0171 2080 Fdc - ok
02:20:13.0203 2080 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:20:13.0312 2080 Fips - ok
02:20:13.0390 2080 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:20:13.0421 2080 FLEXnet Licensing Service - ok
02:20:13.0468 2080 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:20:13.0578 2080 Flpydisk - ok
02:20:13.0640 2080 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:20:13.0750 2080 FltMgr - ok
02:20:13.0859 2080 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:20:13.0859 2080 FontCache3.0.0.0 - ok
02:20:13.0875 2080 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:20:14.0000 2080 Fs_Rec - ok
02:20:14.0031 2080 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:20:14.0156 2080 Ftdisk - ok
02:20:14.0156 2080 getPlusHelper - ok
02:20:14.0203 2080 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:20:14.0296 2080 Gpc - ok
02:20:14.0453 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c99377942a6a2e C:\Program Files\Google\Update\GoogleUpdate.exe
02:20:14.0468 2080 gupdate1c99377942a6a2e - ok
02:20:14.0468 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
02:20:14.0484 2080 gupdatem - ok
02:20:14.0531 2080 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:20:14.0531 2080 gusvc - ok
02:20:14.0609 2080 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:20:14.0703 2080 HDAudBus - ok
02:20:14.0812 2080 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:20:14.0921 2080 helpsvc - ok
02:20:14.0984 2080 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
02:20:15.0078 2080 HidServ - ok
02:20:15.0093 2080 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:20:15.0203 2080 HidUsb - ok
02:20:15.0250 2080 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:20:15.0375 2080 hkmsvc - ok
02:20:15.0375 2080 hpn - ok
02:20:15.0390 2080 HSFHWAZL - ok
02:20:15.0390 2080 HSF_DPV - ok
02:20:15.0468 2080 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:20:15.0500 2080 HTTP - ok
02:20:15.0531 2080 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:20:15.0640 2080 HTTPFilter - ok
02:20:15.0640 2080 huawei_cdcacm - ok
02:20:15.0640 2080 huawei_cdcecm - ok
02:20:15.0656 2080 huawei_enumerator - ok
02:20:15.0656 2080 huawei_ext_ctrl - ok
02:20:15.0671 2080 hwdatacard - ok
02:20:15.0687 2080 hwusbdev - ok
02:20:15.0687 2080 hwusbfake - ok
02:20:15.0703 2080 i2omgmt - ok
02:20:15.0703 2080 i2omp - ok
02:20:15.0765 2080 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:20:15.0875 2080 i8042prt - ok
02:20:16.0140 2080 [ BFFA387180121DF1E4646C4CED3E16CA ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
02:20:16.0343 2080 ialm - ok
02:20:16.0406 2080 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:20:16.0421 2080 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:20:16.0421 2080 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:20:16.0593 2080 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:20:16.0625 2080 idsvc - ok
02:20:16.0640 2080 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:20:16.0765 2080 Imapi - ok
02:20:16.0828 2080 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
02:20:16.0937 2080 ImapiService - ok
02:20:16.0937 2080 ini910u - ok
02:20:17.0000 2080 [ EFCBDFD6DC30A30FD10065280B57C6A3 ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
02:20:17.0031 2080 IntcHdmiAddService - ok
02:20:17.0046 2080 IntelIde - ok
02:20:17.0093 2080 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:20:17.0187 2080 intelppm - ok
02:20:17.0203 2080 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:20:17.0328 2080 Ip6Fw - ok
02:20:17.0359 2080 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:20:17.0484 2080 IpFilterDriver - ok
02:20:17.0515 2080 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:20:17.0625 2080 IpInIp - ok
02:20:17.0656 2080 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:20:17.0750 2080 IpNat - ok
02:20:17.0750 2080 iPod Service - ok
02:20:17.0812 2080 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:20:17.0890 2080 IPSec - ok
02:20:17.0921 2080 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:20:18.0031 2080 IRENUM - ok
02:20:18.0062 2080 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:20:18.0156 2080 isapnp - ok
02:20:18.0312 2080 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
02:20:18.0328 2080 JavaQuickStarterService - ok
02:20:18.0359 2080 [ FE8300320281D658A7854D5CFC02A63F ] k750bus C:\WINDOWS\system32\DRIVERS\k750bus.sys
02:20:18.0406 2080 k750bus - ok
02:20:18.0421 2080 [ F44521F63C0C00364FA3D59DB980DE6A ] k750mdfl C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
02:20:18.0515 2080 k750mdfl - ok
02:20:18.0531 2080 [ E93323C3ED5E8923A177740A973C27B2 ] k750mdm C:\WINDOWS\system32\DRIVERS\k750mdm.sys
02:20:18.0562 2080 k750mdm - ok
02:20:18.0593 2080 [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7 ] k750mgmt C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
02:20:18.0593 2080 k750mgmt - ok
02:20:18.0609 2080 [ 81CA2D57B2C14F76F4BA80846784BB3D ] k750obex C:\WINDOWS\system32\DRIVERS\k750obex.sys
02:20:18.0640 2080 k750obex - ok
02:20:18.0671 2080 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:20:18.0765 2080 Kbdclass - ok
02:20:18.0828 2080 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:20:18.0921 2080 kbdhid - ok
02:20:18.0953 2080 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:20:19.0062 2080 kmixer - ok
02:20:19.0109 2080 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:20:19.0156 2080 KSecDD - ok
02:20:19.0203 2080 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:20:19.0250 2080 lanmanserver - ok
02:20:19.0296 2080 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:20:19.0312 2080 lanmanworkstation - ok
02:20:19.0312 2080 lbrtfdc - ok
02:20:19.0375 2080 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:20:19.0484 2080 LmHosts - ok
02:20:19.0531 2080 [ B7CA8CC3F978201856B6AB82F40953C3 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
02:20:19.0546 2080 MBAMProtector - ok
02:20:19.0640 2080 [ FA083726E6CA3FC67FAC69C1118F1F03 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
02:20:19.0671 2080 MBAMService - ok
02:20:19.0812 2080 [ 0EFEE4F2D23BA2D8B27FBA942106E0E1 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
02:20:19.0828 2080 MDM ( UnsignedFile.Multi.Generic ) - warning
02:20:19.0828 2080 MDM - detected UnsignedFile.Multi.Generic (1)
02:20:19.0843 2080 mdmxsdk - ok
02:20:19.0875 2080 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:20:20.0000 2080 Messenger - ok
02:20:20.0046 2080 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:20:20.0156 2080 mnmdd - ok
02:20:20.0187 2080 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:20:20.0281 2080 mnmsrvc - ok
02:20:20.0296 2080 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:20:20.0406 2080 Modem - ok
02:20:20.0421 2080 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:20:20.0515 2080 Mouclass - ok
02:20:20.0562 2080 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:20:20.0687 2080 mouhid - ok
02:20:20.0734 2080 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:20:20.0843 2080 MountMgr - ok
02:20:20.0859 2080 mraid35x - ok
02:20:20.0875 2080 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:20:20.0984 2080 MRxDAV - ok
02:20:21.0078 2080 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:20:21.0125 2080 MRxSmb - ok
02:20:21.0171 2080 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:20:21.0281 2080 MSDTC - ok
02:20:21.0375 2080 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:20:21.0500 2080 Msfs - ok
02:20:21.0500 2080 MSIServer - ok
02:20:21.0515 2080 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:20:21.0625 2080 MSKSSRV - ok
02:20:21.0687 2080 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:20:21.0781 2080 MSPCLOCK - ok
02:20:21.0781 2080 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:20:21.0890 2080 MSPQM - ok
02:20:21.0937 2080 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:20:22.0031 2080 mssmbios - ok
02:20:22.0078 2080 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:20:22.0187 2080 MSTEE - ok
02:20:22.0234 2080 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:20:22.0265 2080 Mup - ok
02:20:22.0281 2080 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:20:22.0375 2080 NABTSFEC - ok
02:20:22.0437 2080 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:20:22.0546 2080 napagent - ok
02:20:22.0578 2080 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:20:22.0687 2080 NDIS - ok
02:20:22.0703 2080 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:20:22.0812 2080 NdisIP - ok
02:20:22.0859 2080 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:20:22.0890 2080 NdisTapi - ok
02:20:22.0937 2080 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:20:23.0046 2080 Ndisuio - ok
02:20:23.0093 2080 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:20:23.0203 2080 NdisWan - ok
02:20:23.0250 2080 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:20:23.0281 2080 NDProxy - ok
02:20:23.0296 2080 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:20:23.0406 2080 NetBIOS - ok
02:20:23.0421 2080 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:20:23.0531 2080 NetBT - ok
02:20:23.0593 2080 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:20:23.0703 2080 NetDDE - ok
02:20:23.0718 2080 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:20:23.0812 2080 NetDDEdsdm - ok
02:20:23.0843 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:20:23.0968 2080 Netlogon - ok
02:20:24.0000 2080 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:20:24.0109 2080 Netman - ok
02:20:24.0140 2080 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:20:24.0156 2080 NetTcpPortSharing - ok
02:20:24.0296 2080 [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
02:20:24.0437 2080 NETw4x32 - ok
02:20:24.0453 2080 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:20:24.0562 2080 NIC1394 - ok
02:20:24.0609 2080 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
02:20:24.0671 2080 Nla - ok
02:20:24.0671 2080 nosGetPlusHelper - ok
02:20:25.0031 2080 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:20:25.0125 2080 Npfs - ok
02:20:25.0171 2080 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:20:25.0281 2080 Ntfs - ok
02:20:25.0312 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:20:25.0406 2080 NtLmSsp - ok
02:20:25.0453 2080 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:20:25.0578 2080 NtmsSvc - ok
02:20:25.0609 2080 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:20:25.0734 2080 Null - ok
02:20:25.0765 2080 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:20:25.0906 2080 NwlnkFlt - ok
02:20:25.0906 2080 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:20:26.0015 2080 NwlnkFwd - ok
02:20:26.0046 2080 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:20:26.0156 2080 ohci1394 - ok
02:20:26.0218 2080 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
02:20:26.0234 2080 OMCI ( UnsignedFile.Multi.Generic ) - warning
02:20:26.0234 2080 OMCI - detected UnsignedFile.Multi.Generic (1)
02:20:26.0296 2080 OracleJobSchedulerXE - ok
02:20:26.0312 2080 OracleMTSRecoveryService - ok
02:20:26.0312 2080 OracleServiceXE - ok
02:20:26.0328 2080 OracleXEClrAgent - ok
02:20:26.0375 2080 [ 8AF936CE45788974EFFF7D0F19143583 ] OracleXETNSListener C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
02:20:26.0406 2080 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - warning
02:20:26.0406 2080 OracleXETNSListener - detected UnsignedFile.Multi.Generic (1)
02:20:26.0453 2080 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:20:26.0468 2080 ose - ok
02:20:26.0531 2080 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
02:20:26.0640 2080 Parport - ok
02:20:26.0656 2080 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:20:26.0750 2080 PartMgr - ok
02:20:26.0796 2080 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:20:26.0937 2080 ParVdm - ok
02:20:26.0953 2080 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:20:27.0062 2080 PCI - ok
02:20:27.0078 2080 PCIDump - ok
02:20:27.0093 2080 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:20:27.0218 2080 PCIIde - ok
02:20:27.0265 2080 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:20:27.0359 2080 Pcmcia - ok
02:20:27.0390 2080 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
02:20:27.0406 2080 pcouffin ( UnsignedFile.Multi.Generic ) - warning
02:20:27.0406 2080 pcouffin - detected UnsignedFile.Multi.Generic (1)
02:20:27.0406 2080 PDCOMP - ok
02:20:27.0421 2080 PDFRAME - ok
02:20:27.0421 2080 PDRELI - ok
02:20:27.0437 2080 PDRFRAME - ok
02:20:27.0437 2080 perc2 - ok
02:20:27.0453 2080 perc2hib - ok
02:20:27.0484 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
02:20:27.0515 2080 PlugPlay - ok
02:20:27.0531 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:20:27.0625 2080 PolicyAgent - ok
02:20:27.0671 2080 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:20:27.0765 2080 PptpMiniport - ok
02:20:27.0796 2080 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
02:20:27.0906 2080 Processor - ok
02:20:27.0906 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:20:28.0000 2080 ProtectedStorage - ok
02:20:28.0046 2080 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:20:28.0140 2080 PSched - ok
02:20:28.0187 2080 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:20:28.0312 2080 Ptilink - ok
02:20:28.0359 2080 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:20:28.0359 2080 PxHelp20 - ok
02:20:28.0375 2080 ql1080 - ok
02:20:28.0375 2080 Ql10wnt - ok
02:20:28.0390 2080 ql12160 - ok
02:20:28.0390 2080 ql1240 - ok
02:20:28.0406 2080 ql1280 - ok
02:20:28.0421 2080 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:20:28.0531 2080 RasAcd - ok
02:20:28.0578 2080 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:20:28.0703 2080 RasAuto - ok
02:20:28.0718 2080 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:20:28.0843 2080 Rasl2tp - ok
02:20:28.0890 2080 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:20:29.0000 2080 RasMan - ok
02:20:29.0031 2080 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:20:29.0140 2080 RasPppoe - ok
02:20:29.0171 2080 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:20:29.0296 2080 Raspti - ok
02:20:29.0312 2080 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:20:29.0406 2080 Rdbss - ok
02:20:29.0421 2080 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:20:29.0531 2080 RDPCDD - ok
02:20:29.0562 2080 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:20:29.0671 2080 rdpdr - ok
02:20:29.0718 2080 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:20:29.0750 2080 RDPWD - ok
02:20:29.0812 2080 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:20:29.0906 2080 RDSessMgr - ok
02:20:29.0953 2080 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:20:30.0062 2080 redbook - ok
02:20:30.0125 2080 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
02:20:30.0140 2080 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
02:20:30.0140 2080 RegSrvc - detected UnsignedFile.Multi.Generic (1)
02:20:30.0187 2080 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:20:30.0296 2080 RemoteAccess - ok
02:20:30.0343 2080 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:20:30.0437 2080 RemoteRegistry - ok
02:20:30.0468 2080 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
02:20:30.0562 2080 RFCOMM - ok
02:20:30.0609 2080 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
02:20:30.0640 2080 rimmptsk - ok
02:20:30.0656 2080 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
02:20:30.0687 2080 rimsptsk - ok
02:20:30.0703 2080 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
02:20:30.0750 2080 rismxdp - ok
02:20:30.0765 2080 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:20:30.0859 2080 RpcLocator - ok
02:20:30.0890 2080 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
02:20:30.0937 2080 RpcSs - ok
02:20:30.0968 2080 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:20:31.0093 2080 RSVP - ok
02:20:31.0156 2080 [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
02:20:31.0218 2080 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
02:20:31.0218 2080 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
02:20:31.0234 2080 [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
02:20:31.0250 2080 s24trans ( UnsignedFile.Multi.Generic ) - warning
02:20:31.0250 2080 s24trans - detected UnsignedFile.Multi.Generic (1)
02:20:31.0265 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
02:20:31.0359 2080 SamSs - ok
02:20:31.0453 2080 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:20:31.0453 2080 SASDIFSV - ok
02:20:31.0500 2080 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:20:31.0500 2080 SASKUTIL - ok
02:20:31.0562 2080 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:20:31.0671 2080 SCardSvr - ok
02:20:31.0718 2080 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:20:31.0828 2080 Schedule - ok
02:20:31.0859 2080 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
02:20:31.0968 2080 sdbus - ok
02:20:32.0000 2080 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:20:32.0093 2080 Secdrv - ok
02:20:32.0125 2080 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
02:20:32.0234 2080 seclogon - ok
02:20:32.0265 2080 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
02:20:32.0375 2080 SENS - ok
02:20:32.0390 2080 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
02:20:32.0500 2080 Serial - ok
02:20:32.0531 2080 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
02:20:32.0625 2080 sffdisk - ok
02:20:32.0625 2080 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
02:20:32.0718 2080 sffp_sd - ok
02:20:32.0734 2080 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:20:32.0843 2080 Sfloppy - ok
02:20:32.0906 2080 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:20:33.0062 2080 SharedAccess - ok
02:20:33.0078 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:20:33.0093 2080 ShellHWDetection - ok
02:20:33.0109 2080 Simbad - ok
02:20:33.0203 2080 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:20:33.0218 2080 SkypeUpdate - ok
02:20:33.0234 2080 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:20:33.0343 2080 SLIP - ok
02:20:33.0343 2080 Sparrow - ok
02:20:33.0390 2080 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:20:33.0500 2080 splitter - ok
02:20:33.0546 2080 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:20:33.0578 2080 Spooler - ok
02:20:33.0593 2080 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:20:33.0703 2080 sr - ok
02:20:33.0765 2080 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
02:20:33.0859 2080 srservice - ok
02:20:33.0906 2080 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:20:33.0953 2080 Srv - ok
02:20:34.0000 2080 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:20:34.0125 2080 SSDPSRV - ok
02:20:34.0171 2080 [ 686FA4ACFDCB4E16B7F0230B88F6D17E ] STacSV C:\WINDOWS\system32\STacSV.exe
02:20:34.0187 2080 STacSV ( UnsignedFile.Multi.Generic ) - warning
02:20:34.0187 2080 STacSV - detected UnsignedFile.Multi.Generic (1)
02:20:34.0281 2080 [ 31BA85E1CFF39A57F702A2A0877BB8E1 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
02:20:34.0375 2080 STHDA - ok
02:20:34.0437 2080 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:20:34.0546 2080 stisvc - ok
02:20:34.0609 2080 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:20:34.0703 2080 streamip - ok
02:20:34.0718 2080 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:20:34.0828 2080 swenum - ok
02:20:34.0859 2080 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:20:34.0953 2080 swmidi - ok
02:20:34.0968 2080 SwPrv - ok
02:20:34.0968 2080 symc810 - ok
02:20:34.0984 2080 symc8xx - ok
02:20:34.0984 2080 sym_hi - ok
02:20:35.0000 2080 sym_u3 - ok
02:20:35.0031 2080 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:20:35.0140 2080 sysaudio - ok
02:20:35.0187 2080 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:20:35.0296 2080 SysmonLog - ok
02:20:35.0359 2080 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:20:35.0468 2080 TapiSrv - ok
02:20:35.0531 2080 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:20:35.0562 2080 Tcpip - ok
02:20:35.0593 2080 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:20:35.0703 2080 TDPIPE - ok
02:20:35.0734 2080 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:20:35.0859 2080 TDTCP - ok
02:20:35.0875 2080 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:20:35.0984 2080 TermDD - ok
02:20:36.0046 2080 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
02:20:36.0171 2080 TermService - ok
02:20:36.0203 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
02:20:36.0218 2080 Themes - ok
02:20:36.0265 2080 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:20:36.0375 2080 TlntSvr - ok
02:20:36.0375 2080 TosIde - ok
02:20:36.0406 2080 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:20:36.0515 2080 TrkWks - ok
02:20:36.0578 2080 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:20:36.0687 2080 Udfs - ok
02:20:36.0687 2080 UIUSys - ok
02:20:36.0703 2080 ultra - ok
02:20:36.0765 2080 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:20:36.0875 2080 Update - ok
02:20:36.0937 2080 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:20:37.0031 2080 upnphost - ok
02:20:37.0062 2080 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
02:20:37.0171 2080 UPS - ok
02:20:37.0187 2080 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
02:20:37.0281 2080 usbaudio - ok
02:20:37.0343 2080 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:20:37.0453 2080 usbccgp - ok
02:20:37.0515 2080 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:20:37.0609 2080 usbehci - ok
02:20:37.0640 2080 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:20:37.0734 2080 usbhub - ok
02:20:37.0750 2080 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:20:37.0875 2080 usbohci - ok
02:20:37.0906 2080 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:20:38.0015 2080 usbscan - ok
02:20:38.0031 2080 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:20:38.0125 2080 USBSTOR - ok
02:20:38.0156 2080 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:20:38.0265 2080 usbuhci - ok
02:20:38.0312 2080 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:20:38.0406 2080 VgaSave - ok
02:20:38.0406 2080 ViaIde - ok
02:20:38.0546 2080 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
02:20:38.0546 2080 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - warning
02:20:38.0546 2080 Visual Studio Analyzer RPC bridge - detected UnsignedFile.Multi.Generic (1)
02:20:38.0562 2080 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:20:38.0671 2080 VolSnap - ok
02:20:38.0750 2080 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
02:20:38.0843 2080 VSS - ok
02:20:38.0875 2080 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
02:20:38.0984 2080 W32Time - ok
02:20:39.0109 2080 [ 375640F39F2D613B6FDCF8C2F956205A ] wampapache c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
02:20:39.0125 2080 wampapache ( UnsignedFile.Multi.Generic ) - warning
02:20:39.0125 2080 wampapache - detected UnsignedFile.Multi.Generic (1)
02:20:39.0218 2080 wampmysqld - ok
02:20:39.0281 2080 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:20:39.0390 2080 Wanarp - ok
02:20:39.0453 2080 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
02:20:39.0468 2080 Wdf01000 - ok
02:20:39.0484 2080 WDICA - ok
02:20:39.0500 2080 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:20:39.0609 2080 wdmaud - ok
02:20:39.0656 2080 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:20:39.0765 2080 WebClient - ok
02:20:39.0765 2080 winachsf - ok
02:20:39.0890 2080 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:20:39.0984 2080 winmgmt - ok
02:20:40.0062 2080 [ 4307641CA3389A210295FDFFD2A73DEE ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
02:20:40.0062 2080 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
02:20:40.0062 2080 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
02:20:40.0078 2080 wltrysvc - ok
02:20:40.0125 2080 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
02:20:40.0218 2080 WmdmPmSN - ok
02:20:40.0296 2080 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
02:20:40.0390 2080 Wmi - ok
02:20:40.0406 2080 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:20:40.0500 2080 WmiAcpi - ok
02:20:40.0562 2080 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:20:40.0671 2080 WmiApSrv - ok
02:20:40.0718 2080 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:20:40.0843 2080 WS2IFSL - ok
02:20:40.0890 2080 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:20:41.0000 2080 wscsvc - ok
02:20:41.0046 2080 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:20:41.0156 2080 WSTCODEC - ok
02:20:41.0187 2080 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
02:20:41.0296 2080 wuauserv - ok
02:20:41.0375 2080 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:20:41.0515 2080 WZCSVC - ok
02:20:41.0546 2080 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:20:41.0656 2080 xmlprov - ok
02:20:41.0718 2080 [ 67331FD053F97A874A60374BE6B59523 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
02:20:41.0781 2080 yukonwxp - ok
02:20:41.0812 2080 ================ Scan global ===============================
02:20:41.0859 2080 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:20:41.0906 2080 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:20:41.0921 2080 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:20:41.0937 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:20:41.0953 2080 [Global] - ok
02:20:41.0953 2080 ================ Scan MBR ==================================
02:20:41.0968 2080 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
02:20:42.0281 2080 \Device\Harddisk0\DR0 - ok
02:20:42.0281 2080 ================ Scan VBR ==================================
02:20:42.0296 2080 [ 865CFA960AB9BB6DD6DFB33139E77B8E ] \Device\Harddisk0\DR0\Partition1
02:20:42.0296 2080 \Device\Harddisk0\DR0\Partition1 - ok
02:20:42.0296 2080 ============================================================
02:20:42.0296 2080 Scan finished
02:20:42.0296 2080 ============================================================
02:20:42.0406 0268 Detected object count: 17
02:20:42.0406 0268 Actual detected object count: 17
02:27:53.0687 0268 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0687 0268 AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0687 0268 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0687 0268 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0687 0268 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0687 0268 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0687 0268 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:27:53.0703 0268 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
02:27:53.0703 0268 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip


Re: hijacked??

Post by Dr Jay on Thu Jan 10, 2013 9:35 am

Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.



RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Dr. Jay (DJ)



Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 5:58 pm

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/10/2013 17:57:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 6 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 381 / Fail 0
Start menu: Success 4 / Fail 0
User folder: Success 83 / Fail 0
My documents: Success 261 / Fail 261
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 123 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01102013_02d1757.txt >>
RKreport[1]_S_01102013_02d1746.txt ; RKreport[2]_D_01102013_02d1753.txt ; RKreport[3]_SC_01102013_02d1757.txt




Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 6:06 pm

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Scan -- Date : 01/10/2013 17:46:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\Laptop User\Desktop\mbar\mbar\mbar.exe /cleanup /s) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FC4C)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FD3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8046GSX +++++
--- User ---
[MBR] 97df5cbf9b1e0e38646592f4a39a3fab
[BSP] e31b0ec4f270de7c9c2689a6b9f263e8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01102013_02d1746.txt >>
RKreport[1]_S_01102013_02d1746.txt




Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 6:07 pm

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Remove -- Date : 01/10/2013 17:53:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\Laptop User\Desktop\mbar\mbar\mbar.exe /cleanup /s) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FC4C)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FD3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8046GSX +++++
--- User ---
[MBR] 97df5cbf9b1e0e38646592f4a39a3fab
[BSP] e31b0ec4f270de7c9c2689a6b9f263e8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01102013_02d1753.txt >>
RKreport[1]_S_01102013_02d1746.txt ; RKreport[2]_D_01102013_02d1753.txt




Re: hijacked??

Post by robotkilla101010 on Thu Jan 10, 2013 6:08 pm

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/10/2013 17:57:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 6 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 381 / Fail 0
Start menu: Success 4 / Fail 0
User folder: Success 83 / Fail 0
My documents: Success 261 / Fail 261
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 123 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01102013_02d1757.txt >>
RKreport[1]_S_01102013_02d1746.txt ; RKreport[2]_D_01102013_02d1753.txt ; RKreport[3]_SC_01102013_02d1757.txt




Re: hijacked??

Post by Dr Jay on Fri Jan 11, 2013 1:23 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)



eset online scan output

Post by robotkilla101010 on Fri Jan 11, 2013 11:43 am

C:\Documents and Settings\Laptop User\My Documents\Downloads\cnet_SolarWinds-TFTP-Server_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC44A0AE-E396-4AE3-BC35-2B6D1D69B9F4}\RP1002\A0227518.exe NSIS/TrojanDownloader.Agent.NLH trojan cleaned by deleting - quarantined


Re: hijacked??

Post by robotkilla101010 on Fri Jan 11, 2013 12:41 pm

I have just finished the ESET online scan, deleted and restarted.

The firewall is on.
Here is the netstat -ano output.
Why are so many ports open on the loopback address??

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 996
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 3080
TCP 127.0.0.1:1276 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1277 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1292 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1296 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1298 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1300 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1302 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1303 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1304 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1305 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1318 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1320 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1326 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1328 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1330 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1332 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1334 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1336 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1338 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1348 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1350 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1352 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1360 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1362 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1364 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1396 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1420 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1454 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1458 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1460 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1499 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1511 127.0.0.1:10080 CLOSE_WAIT 3488
TCP 127.0.0.1:1522 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1552 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1558 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1644 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1649 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1650 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1690 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1692 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING 640
TCP 127.0.0.1:10080 127.0.0.1:1276 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1277 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1292 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1296 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1310 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1312 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1314 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1316 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1318 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1320 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1326 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1328 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1330 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1332 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1334 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1336 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1338 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1340 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1346 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1348 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1350 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1352 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1353 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1354 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1360 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1362 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1364 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1372 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1374 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1378 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1380 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1381 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1382 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1390 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1391 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1394 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1396 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1414 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1418 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1420 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1432 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1434 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1440 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1446 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1454 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1458 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1460 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1470 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1472 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1485 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1501 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1504 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1508 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1510 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1511 FIN_WAIT_2 640
TCP 127.0.0.1:10080 127.0.0.1:1513 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1515 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1520 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1522 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1524 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1535 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1552 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1555 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1556 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1557 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1558 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1563 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1566 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1569 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1570 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1573 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1575 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1576 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1577 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1578 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1579 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1580 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1587 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1588 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1593 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1594 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1597 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1603 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1605 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1607 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1609 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1617 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1618 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1623 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1626 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1629 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1644 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1646 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1648 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1649 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1655 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1656 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1657 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1658 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1659 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1667 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1672 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1673 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1674 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1678 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1680 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1692 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1694 TIME_WAIT 0
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 2064
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING 640
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING 640
TCP 192.168.1.2:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.2:1281 173.194.78.94:80 ESTABLISHED 640
TCP 192.168.1.2:1286 173.194.78.94:80 ESTABLISHED 640
TCP 192.168.1.2:1293 173.194.41.191:80 ESTABLISHED 640
TCP 192.168.1.2:1297 173.194.41.151:80 ESTABLISHED 640
TCP 192.168.1.2:1299 173.194.41.151:80 TIME_WAIT 0
TCP 192.168.1.2:1301 173.194.41.143:80 TIME_WAIT 0
TCP 192.168.1.2:1306 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1307 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1308 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1309 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1319 173.194.41.136:80 ESTABLISHED 640
TCP 192.168.1.2:1321 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1327 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1329 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1331 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1333 23.14.136.74:80 ESTABLISHED 640
TCP 192.168.1.2:1335 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1337 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1339 173.194.41.154:80 ESTABLISHED 640
TCP 192.168.1.2:1349 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1351 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1355 173.194.41.156:80 ESTABLISHED 640
TCP 192.168.1.2:1361 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1363 23.14.87.231:80 ESTABLISHED 640
TCP 192.168.1.2:1365 173.194.41.141:80 ESTABLISHED 640
TCP 192.168.1.2:1397 23.14.136.74:80 ESTABLISHED 640
TCP 192.168.1.2:1421 173.194.41.141:80 ESTABLISHED 640
TCP 192.168.1.2:1457 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1459 69.25.24.26:80 ESTABLISHED 640
TCP 192.168.1.2:1461 31.186.225.24:80 ESTABLISHED 640
TCP 192.168.1.2:1500 173.194.41.155:80 TIME_WAIT 0
TCP 192.168.1.2:1512 64.191.216.116:80 CLOSE_WAIT 640
TCP 192.168.1.2:1523 64.191.216.116:80 ESTABLISHED 640
TCP 192.168.1.2:1550 199.7.55.190:80 TIME_WAIT 0
TCP 192.168.1.2:1553 173.194.78.106:80 ESTABLISHED 640
TCP 192.168.1.2:1554 173.194.41.154:443 ESTABLISHED 3488
TCP 192.168.1.2:1561 173.194.78.95:80 ESTABLISHED 640
TCP 192.168.1.2:1645 80.150.193.66:80 ESTABLISHED 640
TCP 192.168.1.2:1652 74.217.78.146:80 ESTABLISHED 640
TCP 192.168.1.2:1653 74.217.78.146:80 TIME_WAIT 0
TCP 192.168.1.2:1691 217.72.250.66:80 TIME_WAIT 0
TCP 192.168.1.2:1693 173.194.41.100:80 ESTABLISHED 640
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 760
UDP 0.0.0.0:4500 *:* 760
UDP 127.0.0.1:123 *:* 1092
UDP 127.0.0.1:1900 *:* 1396
UDP 192.168.1.2:123 *:* 1092
UDP 192.168.1.2:137 *:* 4
UDP 192.168.1.2:138 *:* 4
UDP 192.168.1.2:1900 *:* 1396

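The listing above does not actually show many open loopback ports. The only 127.0.0.1 listeners in it are ports 1027, 10080, 10110, 13128 and 18080; the long run of 127.0.0.1:12xx to 16xx rows are the ephemeral client ends of sessions to the 10080 listener, and because both ends are local, every such session is printed twice, once from the client PID and once from the listener's PID, with the TIME_WAIT rows belonging to PID 0 because their socket is already closed. The script below is an added example, not part of this thread and not code from any of the tools mentioned in it. It parses a constructed subset of the posted `netstat -ano` output and produces the triage summary a defender wants from such a listing: listening sockets per PID, distinct loopback sessions with their client/server PID pairing, and per-PID connections to external peers. The PIDs (640, 3488 and so on) are taken from the post and deliberately left uninterpreted.

```python
"""Triage summary of a `netstat -ano` listing (Windows XP column layout).

Constructed sample: a representative subset of the listing posted above.
"""
from collections import defaultdict, namedtuple

Conn = namedtuple("Conn", "proto laddr lport faddr fport state pid")

# Constructed sample input; rows copied from the post, header included.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       3080
  TCP    127.0.0.1:1276         127.0.0.1:10080        ESTABLISHED     3488
  TCP    127.0.0.1:1277         127.0.0.1:10080        ESTABLISHED     3488
  TCP    127.0.0.1:1298         127.0.0.1:10080        TIME_WAIT       0
  TCP    127.0.0.1:10080        0.0.0.0:0              LISTENING       640
  TCP    127.0.0.1:10080        127.0.0.1:1276         ESTABLISHED     640
  TCP    127.0.0.1:10080        127.0.0.1:1277         ESTABLISHED     640
  TCP    127.0.0.1:10080        127.0.0.1:1310         TIME_WAIT       0
  TCP    192.168.1.2:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.2:1281       173.194.78.94:80       ESTABLISHED     640
  TCP    192.168.1.2:1554       173.194.41.154:443     ESTABLISHED     3488
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.2:137        *:*                                    4
"""


def _split_endpoint(ep):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); the UDP wildcard '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse the table rows of `netstat -ano`; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[0], fields[1], fields[2]
        # TCP rows carry a State column; UDP rows do not, so the PID shifts left.
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
        else:
            state, pid = None, int(fields[3])
        laddr, lport = _split_endpoint(local)
        faddr, fport = _split_endpoint(foreign)
        conns.append(Conn(proto, laddr, lport, faddr, fport, state, pid))
    return conns


def listeners_by_pid(conns):
    """Sockets that accept input: TCP LISTENING rows and every UDP row, per PID."""
    out = defaultdict(list)
    for c in conns:
        if c.state == "LISTENING" or c.proto == "UDP":
            out[c.pid].append((c.proto, c.laddr, c.lport))
    return dict(out)


def loopback_summary(conns):
    """Collapse loopback TCP rows into distinct sessions and pair client with server PID.

    A 127.0.0.1 <-> 127.0.0.1 connection is listed twice (once per endpoint), so the
    session count is about half the row count.  TIME_WAIT rows belong to PID 0 and are
    counted as sessions but cannot be attributed to a client process.
    """
    listener_pid = {c.lport: c.pid for c in conns
                    if c.proto == "TCP" and c.state == "LISTENING" and c.laddr == "127.0.0.1"}
    rows = [c for c in conns
            if c.proto == "TCP" and c.state != "LISTENING"
            and c.laddr == "127.0.0.1" and c.faddr == "127.0.0.1"]
    sessions = {frozenset((c.lport, c.fport)) for c in rows}
    # A row whose foreign port is a known loopback listener is the client side.
    pairs = {(c.pid, listener_pid[c.fport], c.fport) for c in rows
             if c.pid != 0 and c.fport in listener_pid}
    return {"row_count": len(rows), "session_count": len(sessions),
            "client_server_pairs": pairs}


def remote_peers_by_pid(conns):
    """Owned TCP connections to non-loopback peers, grouped by PID: the short list
    that actually needs explaining during triage."""
    out = defaultdict(set)
    for c in conns:
        if (c.proto == "TCP" and c.state != "LISTENING" and c.pid != 0
                and not c.faddr.startswith("127.") and c.faddr != "0.0.0.0"):
            out[c.pid].add(f"{c.faddr}:{c.fport}")
    return dict(out)


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    print("listeners per PID:", listeners_by_pid(conns))
    print("loopback sessions:", loopback_summary(conns))
    print("remote peers per PID:", remote_peers_by_pid(conns))
```

Run against the full listing, the same functions reduce the 200-odd rows to a handful of listeners, one loopback client/server pairing, and a per-PID list of external peers, which is the list to check process by process (with a tool such as tcpview or Process Explorer) rather than the loopback rows.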

Re: hijacked??

Post by robotkilla101010 on Fri Jan 11, 2013 1:37 pm

Won't install MS update KB2742597.
Still looks like a lot of packets being transferred: 11,000 sent, 12,000 received, in a short period of time.
I ran tcpview.exe but it looks OK.

To remove the Qoobox from Malwarebytes, just uninstall? This programme isn't on my Add/Remove Programs list!!! Is there another way?


Re: hijacked??

Post by robotkilla101010 on Fri Jan 11, 2013 3:35 pm

New ComboFix output


ComboFix 13-01-08.01 - Laptop User 11/01/2013 14:35:46.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3574.2888 [GMT 0:00]
Running from: c:\documents and settings\Laptop User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 13:31 . 2013-01-11 13:31 -------- d-----w- c:\windows\LastGood
2013-01-10 17:17 . 2013-01-10 17:17 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-10 02:56 . 2013-01-10 02:56 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\PCHealth
2013-01-09 05:19 . 2013-01-09 05:19 -------- d-----w- c:\documents and settings\Mrs Snoozlepotts\Application Data\Malwarebytes
2012-12-13 21:41 . 2012-12-13 21:41 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 16:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2004-08-12 13:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-12 13:20 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-12 13:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-12 13:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-01-28 22:49 . 2009-01-28 22:49 22260008 -c--a-w- c:\program files\SkypeSetup.exe
2012-01-12 05:34 . 2012-01-12 05:34 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-05-18 14:22 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-05-18 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-05-26 10:03 2346192 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 18:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 16:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 16:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-07-25 15:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-07-25 15:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-31 12:13 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-05-18 16:25 323584 ------w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 16:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-02 04:56 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 13:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 11:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-31 02:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1c99377942a6a2e"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Cisco Packet Tracer 5.3\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Laptop User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [27/03/2007 15:46 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/08/2008 14:09 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/08/2008 14:09 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/09/2008 11:05 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2008 11:05 297752]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/08/2008 17:19 108032]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [08/08/2008 14:23 37296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/01/2013 17:17 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/03/2012 11:58 20464]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/08/2004 13:30 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28/08/2009 00:07 47360]
S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/03/2012 11:58 652360]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [01/02/2006 23:49 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Fotofox: [You must be registered and logged in to see this link.] - %profile%\extensions\fotofox@mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: GoogleTube: [You must be registered and logged in to see this link.] - %profile%\extensions\googletube@googletube.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: CSS Validator: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09} - %profile%\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: ImageBot: {55009080-176f-11da-8cd6-0800200c9a66} - %profile%\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Font Finder: [You must be registered and logged in to see this link.] - %profile%\extensions\fontfinder@bendodson.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-01-11 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1292428093-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-01-11 14:40:39
ComboFix-quarantined-files.txt 2013-01-11 14:40
ComboFix2.txt 2013-01-11 14:30
ComboFix3.txt 2013-01-11 12:15
ComboFix4.txt 2013-01-11 02:48
ComboFix5.txt 2013-01-11 14:34
.
Pre-Run: 13,177,348,096 bytes free
Post-Run: 13,164,163,072 bytes free
.
- - End Of File - - 181A50F9C8C6B4E74F57E7EFCC06F4D0

robotkilla101010
Novice

Posts : 16
Joined : 2013-01-09
OS : xp
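Reading logs like the ComboFix and OTL output above is mostly a matter of applying a few fixed checks to every service, driver and firewall line: is the registered binary still on disk, is the entry set to auto-start while carrying no company name, and does the path sit somewhere an ordinary user can write to (the profile or a Temp folder). The script below is an added example, not part of this thread and not a feature of OTL or ComboFix; it parses the two line shapes seen in the logs and prints each entry that trips one of those checks. The sample lines are copied from the logs in this thread, except the final `svc_example` line, which is constructed purely to exercise the auto-start check. A hit is a prompt to look at the entry, not a verdict: `catchme.sys` in Temp, for instance, is the Gmer rootkit-scanner driver that ComboFix itself runs, as the "catchme 0.3.1398" block in the log shows.

```python
"""Triage helper for OTL / ComboFix style logs: flags entries worth a second look.

Heuristics only: a hit means "inspect this", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# OTL service/driver line, two shapes:
#   SRV - File not found [On_Demand | Stopped] -- <path> -- (<name>)
#   SRV - [<date> | <size> | <attrs> | M] (<company>) [Auto | Running] -- <path> -- (<name>)
# The path is optional: OTL prints "-- -- (name)" when the key has no ImagePath.
OTL_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>.*?)\)) "
    r"\[(?P<flags>[^\]]*)\] --(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)$"
)

# ComboFix firewall AuthorizedApplications line: "<path with doubled backslashes>"=
FW_ENTRY = re.compile(r'^"(?P<path>.+)"=$')

# Locations an ordinary user can write to; a persistent entry here deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\temp\\", "\\local settings\\")

# Constructed sample: lines copied from the thread's logs, plus one made-up
# line (svc_example) that is NOT from the log, added only to exercise a branch.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\dopewars-1.5.12\dopewars.exe -- (dopewars-server)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/03/16 12:29:28 | 006,562,432 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)
SRV - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/10 17:17:03 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
"c:\\Documents and Settings\\Laptop User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
SRV - [2012/12/01 10:00:00 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svc_example.exe -- (svc_example)
"""


@dataclass
class Finding:
    source: str                      # "service", "driver" or "firewall"
    name: str                        # service/driver name, or the firewall target's file name
    path: str
    reasons: list = field(default_factory=list)


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str) -> list:
    """Return one Finding per line that trips a check; quiet lines are dropped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OTL_ENTRY.match(line)
        if m:
            flags = [f.strip() for f in m.group("flags").split("|")]
            path = m.group("path") or ""
            kind = "service" if m.group("kind") == "SRV" else "driver"
            finding = Finding(kind, m.group("name"), path)
            if m.group("missing"):
                finding.reasons.append("orphaned: registered binary is missing")
            elif "Auto" in flags and not (m.group("company") or "").strip():
                finding.reasons.append("auto-start with no company name")
            if path and _user_writable(path):
                finding.reasons.append("binary lives in a user-writable location")
            if finding.reasons:
                findings.append(finding)
            continue
        m = FW_ENTRY.match(line)
        if m:
            path = m.group("path").replace("\\\\", "\\")   # undo ComboFix's escaping
            if _user_writable(path):
                findings.append(Finding("firewall", path.rsplit("\\", 1)[-1], path,
                                        ["firewall exception for a binary in the user profile"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:8} {f.name:20} {'; '.join(f.reasons)}  [{f.path}]")
```

Run it against a full OTL.txt by reading the file into `triage()`; the orphaned entries it lists (getPlus helper, dopewars, the Huawei and modem drivers) are leftovers of uninstalled software and are cleanup candidates rather than evidence of infection, while anything auto-starting from a user profile with no vendor name is what to look at first.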

Re: hijacked??

Post by Dr Jay on Fri Jan 11, 2013 4:54 pm

Closer look:

OTL Quick Scan

Please download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: hijacked??

Post by robotkilla101010 on Sat Jan 12, 2013 12:32 am

OTL logfile created on: 12/01/2013 00:16:32 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Laptop User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 82.50% Memory free
6.82 Gb Paging File | 6.14 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 12.18 Gb Free Space | 16.34% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Laptop User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/12 00:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop User\My Documents\Downloads\OTL.exe
PRC - [2011/10/19 11:22:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/21 19:48:18 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/21 19:48:18 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/21 19:48:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/21 19:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/21 19:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe


========== Modules (No Company Name) ==========

MOD - [2007/10/09 18:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/07/25 15:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/01 23:43:28 | 000,006,144 | ---- | M] () -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\orajox10.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\dopewars-1.5.12\dopewars.exe -- (dopewars-server)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/01/31 12:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/21 19:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 19:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/16 12:29:28 | 006,562,432 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/03/06 12:26:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/02/01 23:51:06 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/10 17:17:03 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 02:10:04 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010/05/07 02:10:04 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010/05/07 02:10:04 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2010/05/07 02:10:04 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010/05/07 02:10:02 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/21 19:48:18 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 19:48:18 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 10:26:19 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/10/09 18:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/17 09:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/08 07:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/19 13:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 09:40:36 | 000,108,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2006/10/20 13:34:16 | 000,037,296 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/09/13 17:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2006/08/17 07:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/24 22:04:05 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/05/03 15:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.] "
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.6.2.1
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 18:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/31 02:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 22:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/29 20:49:25 | 000,000,000 | ---D | M]

[2009/01/11 23:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Extensions
[2013/01/06 23:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions
[2010/04/04 01:33:29 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/28 00:16:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/07 13:28:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/08/25 13:03:49 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2011/09/19 15:36:22 | 000,000,000 | ---D | M] (View Source In Dreamweaver) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{432b7585-862d-4384-9340-b66a5e426dca}
[2010/04/04 01:33:26 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2011/09/19 15:36:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/05/23 01:32:29 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2011/09/19 15:36:22 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/05/23 01:32:35 | 000,000,000 | ---D | M] (CSSViewer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8be51513-0433-45c1-9203-7b45019df871}
[2011/06/05 22:36:50 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/05/23 01:32:30 | 000,000,000 | ---D | M] (EditCSS) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
[2011/08/25 13:03:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/04 01:33:21 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/01/11 16:33:13 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/23 01:32:35 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/09/19 15:36:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/11 16:33:11 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/04 01:33:17 | 000,000,000 | ---D | M] (Font Finder) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fontfinder@bendodson.com
[2011/06/05 22:36:53 | 000,000,000 | ---D | M] (Fotofox) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fotofox@mozilla.com
[2010/04/04 01:33:29 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\googletube@googletube.com
[2010/04/22 03:52:55 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\ststusscicalc@sunny
[2009/06/08 00:06:18 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\searchplugins\bing.xml
[2012/12/14 02:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 13:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 02:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/01/12 05:34:08 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/12 05:34:14 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2011/03/22 02:48:40 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 02:48:40 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 02:48:41 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 02:48:41 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: MeasureIt! = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Web Developer = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4_0\
CHR - Extension: WOT = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: Rulers, Guides, Eye Dropper and Color Picker = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjpngjgkahhflejneemihpbnfdoafoeh\1.1_0\
CHR - Extension: Network and Internet tools = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji\1.65_0\
CHR - Extension: *Ultimate Football Results* = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj\1.6.72_0\
CHR - Extension: Abstract Green Nebula = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmiakbfojdnbagbidpdhfdfdmdefphkm\1.0_0\

O1 HOSTS File: ([2013/01/09 19:43:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E035440-8BCC-4F6C-A796-5869DFEFBC95}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0110438-7CE7-4023-AEB7-688A3E0C059A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 15:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 15:48:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop User\Recent
[2013/01/11 15:48:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/11 14:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/10 19:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\My Documents\tcpview
[2013/01/10 17:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\RK_Quarantine
[2013/01/10 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\mbar
[2013/01/10 02:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\PCHealth
[2013/01/09 19:36:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/09 19:33:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/09 19:33:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/09 19:33:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/09 19:33:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/08 16:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\boat
[2012/12/13 21:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/12/13 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/28 00:07:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.sys
[2009/01/28 22:49:30 | 022,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/01/11 23:55:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 23:55:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/11 23:52:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/11 18:51:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 09:37:57 | 063,502,340 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2013/01/11 02:22:54 | 000,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2013/01/11 00:06:30 | 000,444,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/11 00:06:30 | 000,072,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 17:17:03 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/09 19:43:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/09 19:36:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/21 03:37:56 | 002,371,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/17 04:47:09 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/13 21:41:41 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013/01/10 17:17:03 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/09 19:36:34 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013/01/09 19:36:29 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2013/01/09 19:33:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/09 19:33:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/09 19:33:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/09 19:33:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/09 19:33:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/26 18:05:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/26 05:02:55 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Laptop User\.packettracer
[2009/08/28 00:07:39 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.cat
[2009/08/28 00:07:39 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.inf
[2008/11/11 18:35:38 | 000,037,762 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\Comma Separated Values (Windows).ADR
[2008/09/29 01:04:23 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\LangueLaptop User.ini
[2008/09/19 01:41:15 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\WavCodec.wff
[2008/09/17 00:28:30 | 000,233,984 | ---- | C] () -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/27 16:00:06 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2007/03/27 15:56:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Re: hijacked??

Post by Dr Jay on Sat Jan 12, 2013 6:14 pm

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    [2010/05/19 13:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/27 02:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/26 21:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



ESET Online Scan

Please run a free online scan with the ESET Online Scanner.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)
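An added triage helper (my code, not OTL's, ESET's or anything posted in this thread) that parses the two entry shapes that dominate the report above, the `[date | size | attrs | C/M] (company) -- path` file lines and the CLSID-bearing O2/O3/O16 lines, to list dangling references, code files carrying no company name, and to cross-check a `:OTL` fix section against the log it was written from before it is posted. The sample lines are copied from this thread's log and fix; the behaviour of the `ORPHAN_MARKERS` and extension lists is my assumption about what is worth a second look, not an OTL rule.

```python
"""Triage helpers for OTL-style scan logs (the format of the report quoted above)."""
import re
from typing import Dict, List, Optional, Set

# Sample entries copied from the OTL report above and from the :OTL fix section of the
# reply, embedded here so the example runs offline.
SAMPLE_LOG = r"""
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
[2013/01/09 19:33:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/09 19:33:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/08/28 00:07:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.sys
[2013/01/09 19:43:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
"""

SAMPLE_FIX = r"""
:OTL
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
"""

# [date time | size | attrs | C-or-M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers OTL prints when a registry entry points at something that is not there (assumed list).
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
CODE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".scr")


def parse_file_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one file/folder entry; returns None for lines of any other type."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    entry: Dict[str, object] = m.groupdict()
    entry["size"] = int(str(entry["size"]).replace(",", ""))  # "000,518,144" -> 518144
    entry["is_dir"] = "D" in str(entry["attrs"])
    return entry


def unattributed_code(log: str) -> List[str]:
    """Paths of executable code files whose entry carries no company name.

    An empty company string only means OTL found no vendor in the version resource;
    it is a prompt for manual review, not a verdict."""
    hits: List[str] = []
    for line in log.splitlines():
        e = parse_file_entry(line)
        if e and not e["is_dir"] and not e["company"] \
                and str(e["path"]).lower().endswith(CODE_EXTENSIONS):
            hits.append(str(e["path"]))
    return hits


def orphan_entries(log: str) -> List[str]:
    """Plugin, BHO, toolbar or DPF entries whose target is missing (dangling references)."""
    return [ln.strip() for ln in log.splitlines() if any(mk in ln for mk in ORPHAN_MARKERS)]


def clsids(text: str) -> Set[str]:
    """All GUIDs in the text, lower-cased so HKLM/HKCU spelling differences do not matter."""
    return {g.lower() for g in GUID.findall(text)}


def fix_lines_without_log_match(fix: str, log: str) -> List[str]:
    """Cross-check a :OTL fix section against the log it was written from.

    Returns fix lines whose CLSID appears nowhere in the log (a typo or a stale line),
    so the slip is caught before the fix is handed to the user."""
    known = clsids(log)
    return [ln.strip() for ln in fix.splitlines() if clsids(ln) and not clsids(ln) & known]


if __name__ == "__main__":
    for p in unattributed_code(SAMPLE_LOG):
        print("review (no company name):", p)
    for ln in orphan_entries(SAMPLE_LOG):
        print("dangling reference:", ln)
    print("fix lines with no match in log:", fix_lines_without_log_match(SAMPLE_FIX, SAMPLE_LOG))
```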



Re: hijacked??

Post by robotkilla101010 on Wed Jan 16, 2013 11:22 pm

I have copied the OTL output file but it won't paste!!!
Ctrl+V = ’žA !!!


Re: hijacked??

Post by robotkilla101010 on Wed Jan 16, 2013 11:57 pm

I cannot run the ESET online scan, or run ComboFix, Tigzy etc.!!

windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them
