
lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone

reply to lilhurricane

Re: [Malware] Starburn software problem -Virus/malware?

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- -- (tclondrv)
DRV - File not found [Kernel | Boot | Stopped] -- -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/10/31 12:13:10 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/10/10 14:00:08 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/10/10 14:00:04 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/10/02 11:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/21 17:16:36 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2012/08/29 17:24:08 | 000,161,312 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/03/07 13:31:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2012/03/07 13:31:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2012/03/07 13:31:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2012/03/07 13:31:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2012/03/07 13:31:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2012/01/05 00:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/11/14 19:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/02/18 07:57:18 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TucbAudio.sys -- (TucbAudio)
DRV - [2010/02/16 11:44:26 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/05/22 14:06:01 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/10/03 14:06:38 | 000,022,656 | R--- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt.sys -- (camfilt)
DRV - [2006/09/29 10:12:00 | 000,274,816 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLvid.sys -- (APL531)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »home.sweetim.com/?crg=3.1010000.···606FC20}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···m=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 10:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 10:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/01 19:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/01 19:08:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com: C:\DOCUME~1\annas\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] ()

[2012/07/09 09:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\annas\Application Data\Mozilla\Extensions
[2010/08/26 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\annas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/09 09:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\annas\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/12/05 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/01 21:58:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/05 10:35:26 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 17:35:28 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/11/20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/24 17:07:33 | 000,002,261 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Custom search.xml
[2012/11/20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/06 17:41:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\annas\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk = C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
O4 - Startup: C:\Documents and Settings\annas\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\annas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} »eic.lgservice.com/DjvuViewer/DjV···.1.4.cab (DjVuCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} »cdn.scan.onecare.live.com/resour···5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »update.microsoft.com/windowsupda···rols/en/x86/client/wuweb_site.cab?1144743462484 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C338859-52A3-49F6-AED7-DBFF78ABE174}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C338859-52A3-49F6-AED7-DBFF78ABE174}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE60E668-8D91-4FCF-A5B3-C0421F29144F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\annas\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\annas\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/14 11:31:11 | 000,000,030 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/12/07 16:34:22 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /k:E *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/12/06 17:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/06 17:19:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/12/06 17:19:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/12/06 17:19:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/12/06 17:19:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/12/06 17:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\Windows Search
[2012/12/06 17:17:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/06 16:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/12/06 15:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/12/06 15:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\Windows Desktop Search
[2012/12/06 15:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/12/06 15:24:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2012/12/06 15:24:05 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2012/12/06 15:24:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2012/12/05 13:08:24 | 076,987,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msert.exe
[2012/12/05 10:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/03 14:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2012/12/02 18:21:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012/12/02 17:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Desktop\Old Firefox Data-2
[2012/12/02 17:44:29 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
[2012/12/02 17:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2013
[2012/12/02 17:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/12/02 17:10:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
[2012/12/02 17:10:22 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012/12/02 17:10:08 | 000,622,616 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/12/02 17:10:08 | 000,481,464 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/12/02 16:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\Bitdefender
[2012/12/02 16:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/12/02 16:40:27 | 000,161,312 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2012/12/02 16:40:26 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/12/02 16:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/12/02 16:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/12/01 19:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Desktop\Old Firefox Data-1
[2012/12/01 19:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/11/29 18:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/27 10:14:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\annas\Desktop\tdsskiller.exe
[2012/11/26 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/26 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Desktop\Virus nov2012
[2012/11/26 17:40:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\annas\Desktop\OTL.exe
[2012/11/26 14:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/26 14:24:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/26 13:52:17 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\annas\Desktop\TFC.exe
[2012/11/26 10:46:22 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/11/26 10:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\ParetoLogic
[2012/11/26 10:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/11/25 23:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Local Settings\Application Data\FixItCenter
[2012/11/25 23:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/11/25 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/11/25 23:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/11/25 23:09:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/11/25 22:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\DriverCure
[2012/11/25 22:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\PC Utility Kit
[2012/11/25 22:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Start Menu\Programs\PC Utility Kit
[2012/11/25 22:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/11/25 22:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Utility Kit
[2012/11/25 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/11/25 22:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\QuickScan
[2012/11/25 18:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/25 18:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/25 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Desktop\Old Firefox Data
[2012/11/24 20:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Local Settings\Application Data\PCHealth
[2012/11/24 20:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Start Menu\Programs\HomePlayer
[2012/11/24 20:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\HomePlayer
[2012/11/24 20:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/11/24 17:40:42 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/11/23 23:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Local Settings\Application Data\uTorrentControl_v2
[2012/11/23 14:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\annas\Application Data\Malwarebytes
[2012/11/23 14:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/23 14:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/15 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\HomePlayer(2)

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/12/07 18:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/12/07 17:30:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/07 15:14:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/07 13:40:58 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/07 13:40:58 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/07 10:03:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-459166176-3624373595-3541044804-1006.job
[2012/12/07 10:03:15 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/07 10:03:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/07 09:09:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/06 17:41:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/06 17:22:16 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2012/12/06 15:27:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/06 15:27:54 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/12/06 15:27:39 | 000,575,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/06 15:27:39 | 000,118,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/30 20:26:35 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/26 18:24:11 | 000,001,623 | ---- | C] () -- C:\scu.dat
[2012/11/26 17:57:45 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\annas\Desktop\SecurityCheck.exe
[2012/11/26 14:25:07 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/25 23:14:40 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/11/25 23:14:39 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/11/25 23:11:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/11/25 23:11:00 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/11/25 22:36:36 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/11/25 22:36:19 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\annas\Desktop\PC Utility Kit.lnk
[2012/11/25 22:36:18 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/11/25 22:36:16 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/11/24 17:05:29 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/11/23 23:35:38 | 000,000,434 | ---- | C] () -- C:\Documents and Settings\annas\Desktop\Shortcut to Problems Nov 2012.lnk
[2012/10/26 16:38:26 | 094,065,368 | R--- | C] () -- C:\Documents and Settings\annas\firmware_archos_android_gen8.aos
[2012/10/16 08:19:46 | 000,023,145 | ---- | C] () -- C:\Documents and Settings\annas\config.cfg
[2012/10/13 17:10:25 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012/09/27 17:40:26 | 000,046,060 | ---- | C] () -- C:\Documents and Settings\annas\A Youtube Downloader Free.xpi
[2012/07/09 09:08:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\DriverCoInstaller.dll
[2012/07/09 09:08:05 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2012/02/14 22:15:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/30 16:36:29 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\annas\.recently-used.xbel
[2010/12/27 17:45:33 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\annas\.ufrawrc
[2010/02/17 15:24:53 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\annas\Local Settings\Application Data\PUTTY.RND
[2008/11/18 17:34:06 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\annas\Application Data\burnaware.ini
[2007/03/24 21:17:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/11 23:16:15 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\annas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/11 08:55:40 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\annas\Local Settings\Application Data\fusioncache.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 09:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2008/08/19 02:11:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ý??????????) -- C:\WINDOWS\System32\ᅵý粐۰粑￿￿۫粑퀣睏
[2008/08/19 02:11:54 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ý??????????) -- C:\WINDOWS\System32\ᅵý粐۰粑￿￿۫粑퀣睏

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to Carcassonne
Time to stop chasing rainbows. There is some underlying instability and possible corruption of Windows itself and the best course of action is to reformat and start over.

Back up all your important data first!

This is not an easy decision, but the continuing issues and new problems warrant it. In the OTL main log, Modules section, there is a constant presence of dll files in a temp folder. That is not normal. TDSSKiller did not report on them, which was surprising, since they are normally indicative of a TDL infection.

Later in the process, Combofix removed them all, but they reappeared on the next run of OTL. None of the programs we ran detected rootkits.

This whole problem is baffling, but my main goal is to remove exploits and leave you with a stable operating system. Since that seems to no longer be possible, I'm left with reformat as the only option.

Thanks for all your cooperation....
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Carcassonne

join:2012-11-26
11000


I will get on with backing up my data.


Carcassonne

join:2012-11-26
11000

reply to LoPhatPhuud
All done. It's been a bit of a hair puller; I managed to mess up my mail, but hey..
Thank you, thank you, thank you for all your patient help.
Have a great Christmas!
Will give a donation!



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to Carcassonne
Glad to hear you have it up and running.


© 1999-2013 dslreports.com.