DCOM Server NT Authority System problem

Started by jemellin, January 09, 2014, 04:04:38 PM


jemellin

ComboFix 14-01-16.03 - USER 01/16/2014  13:50:53.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2138 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_100_percent.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_child.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_frame_helper.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_frame_helper.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_launcher.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_touch_100_percent.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\d3dcompiler_43.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\d3dcompiler_46.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\docs.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\drive.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\external_extensions.json
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\gmail.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\search.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\youtube.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\delegate_execute.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\Extensions\external_extensions.json
c:\program files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\icudt.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrome.7z
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\libegl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\libpeerconnection.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\am.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\am.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ar.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ar.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bg.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bg.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bn.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bn.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ca.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ca.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\cs.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\cs.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\da.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\da.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\de.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\de.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\el.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\el.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-GB.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-GB.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-US.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-US.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es-419.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es-419.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\et.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\et.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fa.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fa.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fil.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fil.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\gu.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\gu.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\he.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\he.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hu.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hu.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\id.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\id.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\it.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\it.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ja.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ja.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\kn.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\kn.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ko.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ko.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lt.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lt.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lv.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lv.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ml.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ml.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\mr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\mr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ms.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ms.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nb.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nb.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-BR.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-BR.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-PT.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-PT.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ro.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ro.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ru.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ru.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sk.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sk.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sv.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sv.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sw.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sw.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ta.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ta.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\te.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\te.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\th.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\th.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\tr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\tr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\uk.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\uk.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\vi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\vi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-CN.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-CN.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-TW.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-TW.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\metro_driver.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl_irt_x86_32.nexe
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl_irt_x86_64.nexe
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl64.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\npchrome_frame.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\pdf.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\PepperFlash\manifest.json
c:\program files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\resources.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\secondarytile.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\logo.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\smalllogo.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\splash-620x300.png
c:\program files\Google\Chrome\Application\31.0.1650.63\widevinecdmadapter.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\xinput1_3.dll
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\debug.log
c:\program files\Google\Chrome\Application\Dictionaries\en-US-3-0.bdic
c:\program files\Google\Chrome\Application\VisualElementsManifest.xml
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdate.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.22.3\goopdate.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_am.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ar.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_bg.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_bn.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ca.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_cs.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_da.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_de.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_el.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_en.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_es.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_et.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fa.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fil.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_gu.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hu.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_id.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_is.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_it.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_iw.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ja.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_kn.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ko.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_lt.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_lv.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ml.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_mr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ms.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_nl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_no.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ro.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ru.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sk.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sv.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sw.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ta.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_te.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_th.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_tr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_uk.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ur.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_vi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.22.3\psmachine.dll
c:\program files\Google\Update\1.3.22.3\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\31.0.1650.63\31.0.1650.63_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-15 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-16 13:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-16  14:00:05
ComboFix-quarantined-files.txt  2014-01-16 20:00
ComboFix2.txt  2014-01-16 16:21
ComboFix3.txt  2014-01-16 16:12
ComboFix4.txt  2014-01-13 20:46
ComboFix5.txt  2014-01-16 19:50
.
Pre-Run: 282,828,115,968 bytes free
Post-Run: 282,670,821,376 bytes free
.
- - End Of File - - 72389692721C271576A5831081071ECF
CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine

Perfect, jemellin!  That is what I needed to see.  Now that I've (finally) found and obtained access to a better source for researching the MD5's in the failed sigcheck part of your log, we can get that fixed.  (I was beginning to question my search skills.)  This next step will replace the D COM files damaged by the malware with correct files. 

Please do the following. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\dllcache\rpcss.dll


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

ComboFix 14-01-16.03 - USER 01/17/2014   9:43.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2083 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll --> c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll --> c:\windows\system32\dllcache\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-17 to 2014-01-17  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-16 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-17 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-17  09:54:28
ComboFix-quarantined-files.txt  2014-01-17 15:54
ComboFix2.txt  2014-01-16 20:00
ComboFix3.txt  2014-01-16 16:21
ComboFix4.txt  2014-01-16 16:12
ComboFix5.txt  2014-01-17 15:42
.
Pre-Run: 282,671,099,904 bytes free
Post-Run: 282,689,937,408 bytes free
.
- - End Of File - - 34A6A37642A54E96B414759729820234
CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine

:dance:  Ok, jemellin, that did it!  Now to clean up the tools we used and set a path forward.

1.  Right-click on the following on your desktop and select Delete:

SecurityCheck
TDSSKiller
RogueKiller
SystemLook

2.  Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.
3.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


4.  As I mentioned earlier, Windows XP will soon be reaching its end of life.  That means that Microsoft will not be releasing any additional security updates for Windows XP, regardless of any new vulnerabilities.  My best advice is to start saving for a new computer so that you will be in a position to replace this one sooner rather than later.  In the meantime, it will be more important than ever to keep Adobe products (Adobe Acrobat, Adobe AIR, Adobe Reader and Adobe Flash Player) as well as Oracle Java updated. 

Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" and let me know if you have any questions.


jemellin

Tried to update Adobe Acrobat; it says it cannot connect to the server and to make sure I have a connection to the internet... which I do!

jemellin

A quick question, please. I last backed up my computer about Jan. 5th, 2014 using the Clickfree C6. If I now back up the computer, will I still have all the old bad files on it? Wondering in case I would ever want to transfer files to a new computer!
Thanks

Corrine

I was listing all of the Adobe products when I wrote that.  However, I checked the list of installed programs and see it shows Acrobat 5.0, which is from ~2003.  There are no updates for that as Acrobat is at v11 and is a licensed program.  You can uninstall Adobe Acrobat from your computer.  You can also find information on the latest updates for the other programs in the General Software News, Updates & Discussions forum.

Uninstalling AdwCleaner and deleting RogueCleaner would have removed any of those quarantined files.  More importantly, the uninstall of ComboFix cleared old restore points that may have been infected and removed the quarantined files. 

Since you have Windows Live installed, I would guess you have a Hotmail/Outlook.com e-mail account.  It wouldn't hurt to also back up pictures and documents that you want to keep to SkyDrive.  If you haven't used SkyDrive before, my blog post from last year and the references at the bottom should help you get started:  Moving to SkyDrive.  For sensitive documents, see SkyDrive Security.


jemellin

Corrine, thanks for all your help and time helping me with my problem... I really appreciate it! :mitch:

Corrine

You are very welcome, jemellin.  I was happy to do so.