
Solved RegTask virus

Discussion in 'Malware and Virus Removal Archive' started by dudgorgon, 2011/08/15.

  1. 2011/08/15
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    [Resolved] RegTask virus

    My neighbor's computer appears to have been hit with the RegTask virus. The system would no longer access the internet, but I was able to fix that after running a quick scan with MalwareBytes. The system still cannot access the page for Windows Updates. I also noticed Windows Security Center appears in the tray in red and I cannot enable/disable Windows Firewall. Still sounds like there is something wrong.

    The system is currently running a MalwareBytes full scan and I will check it tomorrow sometime.

    Any suggestions are greatly appreciated.

    BTW, here is the log file dump from the quick scan I initially ran:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 7474

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/15/2011 7:42:48 PM
    mbam-log-2011-08-15 (19-42-48).txt

    Scan type: Quick scan
    Objects scanned: 167524
    Time elapsed: 9 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Brian Murphy\Local Settings\Application Data\rkd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
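    The two registry hijacks in the log above (the loader wedged into HKCR\exefile\shell\open\command and into the StartMenuInternet command, plus the Security Center "DisableNotify" flags) are worth reading mechanically rather than by eye. The following is an added example written for this thread, not code from the original post or from Malwarebytes: it parses the Malwarebytes 1.x log lines as they appear in this thread (that line format is assumed from the posted logs), pulls out the "Bad:" value of each registry data item, and reports which program was inserted in front of the real target, whether that program lives in a user-profile directory, and which Security Center notifications were switched off. The sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Registry lines copied from the Malwarebytes logs posted in this thread.
# The parser skips every line that is not a registry finding, so it can be
# fed a complete mbam-log-*.txt file as well.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Brian Murphy\Local Settings\Application Data\rkd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "C:\Documents and Settings\Brian Murphy\Local Settings\Application Data\rkd.exe" -a "%1" %*) Good: ( "%1" %*) -> Quarantined and deleted successfully.
"""

# "Registry Data Items Infected" lines carry the bad and the expected value.
DATA_RE = re.compile(
    r'^(?P<key>\S.*?) \((?P<detection>[\w.]+)\) -> Bad: \((?P<bad>.*?)\) '
    r'Good: \((?P<good>.*?)\) -> (?P<action>.+)$')
# "Registry Values Infected" lines only name the value that was removed.
VALUE_RE = re.compile(
    r'^(?P<key>\S.*?) \((?P<detection>[\w.]+)\) -> Value: (?P<value>.*?) -> (?P<action>.+)$')
QUOTED = re.compile(r'^"([^"]+)"')
# Locations a normal shell\open\command target never lives in (assumed list).
PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\', '\\temp\\')


@dataclass
class Finding:
    key: str
    detection: str
    bad: Optional[str]     # None for "Registry Values Infected" entries
    good: Optional[str]
    action: str


def parse_mbam_log(text: str) -> List[Finding]:
    """Extract registry findings from a Malwarebytes 1.x log; other lines are ignored."""
    out: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = DATA_RE.match(line)
        if m:
            out.append(Finding(m['key'], m['detection'], m['bad'].strip(),
                               m['good'].strip(), m['action']))
            continue
        m = VALUE_RE.match(line)
        if m:
            out.append(Finding(m['key'], m['detection'], None, None, m['action']))
    return out


def interposer(command: str) -> Optional[str]:
    """Return the program wedged in front of a shell\\open\\command target, else None.

    The stock exefile command is  "%1" %*  and a browser's StartMenuInternet
    command is just the browser; in the hijack the genuine target survives as
    an *argument* of a loader ("...\\rkd.exe" -a "%1" %*), so the loader runs
    on every .exe launch and can re-infect after a partial clean.
    """
    cmd = command.strip()
    m = QUOTED.match(cmd)
    if not m:
        return None                      # bare name such as iexplore.exe
    first, rest = m.group(1), cmd[m.end():].strip()
    if first == '%1':
        return None                      # "%1" %* is the expected value
    if '%1' in rest or '"' in rest:
        return first                     # real target follows as an argument
    return None


def in_user_profile(path: str) -> bool:
    """True when the program sits under a user-writable profile location."""
    p = path.lower()
    return any(marker in p for marker in PROFILE_MARKERS)


def assess(findings: List[Finding]) -> Dict[str, object]:
    """Summarise what the log says the infection changed on the machine."""
    interposers: Set[str] = set()
    disabled_notify: Set[str] = set()
    hijacked_keys: List[str] = []
    for f in findings:
        if f.bad is None:
            continue
        # Security Center\*DisableNotify = 1 silences the red-shield warnings.
        if f.key.endswith('DisableNotify') and f.bad == '1':
            disabled_notify.add(f.key.rsplit('\\', 1)[-1])
        loader = interposer(f.bad)
        if loader:
            interposers.add(loader)
            hijacked_keys.append(f.key)
    return {
        'interposers': interposers,
        'loader_in_profile': all(in_user_profile(p) for p in interposers),
        'hijacked_keys': hijacked_keys,
        'disabled_notify': disabled_notify,
    }


if __name__ == '__main__':
    for name, value in assess(parse_mbam_log(SAMPLE_LOG)).items():
        print(f'{name}: {value}')
```

    Run against the two logs in this thread it names a single loader, rkd.exe in the user's Local Settings\Application Data, as the program wrapped around both the .exe file association and the Internet Explorer start-menu command, which is consistent with the browser being unusable until the first scan and with Security Center going red once its notifications were restored. The check is deliberately written as a comparison against the expected stock command rather than as a search for a particular filename, so a differently named loader in a later log is still caught.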
     
  2. 2011/08/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You visited this forum before, so you know the rules...

    Please complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/08/17
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    Requested logs

    MalwareByte log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 7474

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/16/2011 9:04:02 PM
    mbam-log-2011-08-16 (21-04-02).txt

    Scan type: Full scan (C:\|F:\|)
    Objects scanned: 219884
    Time elapsed: 1 hour(s), 12 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3089668978 (Trojan.FakeAlert) -> Value: 3089668978 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "C:\Documents and Settings\Brian Murphy\Local Settings\Application Data\rkd.exe" -a "%1" %*) Good: ( "%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    *********************************************************
    GMER log
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-08-17 18:35:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 ST340016 rev.3.10
    Running: m9shuuvh.exe; Driver: C:\DOCUME~1\BRIANM~1\LOCALS~1\Temp\pwldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8931B4D8 ZwAlertResumeThread
    SSDT 8936B478 ZwAlertThread
    SSDT 893232D0 ZwAllocateVirtualMemory
    SSDT 893C2090 ZwConnectPort
    SSDT 897863B0 ZwCreateKey
    SSDT 893416A8 ZwCreateMutant
    SSDT 89747180 ZwCreateProcess
    SSDT 89769258 ZwCreateProcessEx
    SSDT 8930E2D0 ZwCreateThread
    SSDT 897A0180 ZwDeleteKey
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB4A7DCB0]
    SSDT 893262E0 ZwFreeVirtualMemory
    SSDT 8931B358 ZwImpersonateAnonymousToken
    SSDT 8931B418 ZwImpersonateThread
    SSDT 89472160 ZwMapViewOfSection
    SSDT 893415E8 ZwOpenEvent
    SSDT 893132E0 ZwOpenProcessToken
    SSDT 89317258 ZwOpenThreadToken
    SSDT 8931D4F8 ZwQueryValueKey
    SSDT 89746F30 ZwQueueApcThread
    SSDT 89746DC8 ZwReadVirtualMemory
    SSDT 8972B910 ZwRenameKey
    SSDT 89472128 ZwResumeThread
    SSDT 89316258 ZwSetContextThread
    SSDT 8972B070 ZwSetInformationKey
    SSDT 89318258 ZwSetInformationProcess
    SSDT 89307258 ZwSetInformationThread
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4A7DF10]
    SSDT 8931D438 ZwSuspendProcess
    SSDT 8931A480 ZwSuspendThread
    SSDT 8930EC58 ZwTerminateProcess
    SSDT 89306258 ZwTerminateThread
    SSDT 89325258 ZwUnmapViewOfSection
    SSDT 893222D0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 214 804E2880 4 Bytes CALL 33D75C9A
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB707F380, 0x5414D5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[2068] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3676] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 89746C58
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 89746C58
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 89746C58
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 89746C58
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 89746C58
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 89746D50
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 89746C58

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \Driver\Tcpip \Device\Ip 893D33F8
    Device \Driver\Tcpip \Device\Ip 89484020
    Device \Driver\Tcpip \Device\Ip 89518020

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Tcp 893D33F8
    Device \Driver\Tcpip \Device\Tcp 89484020
    Device \Driver\Tcpip \Device\Tcp 89518020

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Udp 893D33F8
    Device \Driver\Tcpip \Device\Udp 89484020
    Device \Driver\Tcpip \Device\Udp 89518020

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\RawIp 893D33F8
    Device \Driver\Tcpip \Device\RawIp 89484020
    Device \Driver\Tcpip \Device\RawIp 89518020

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\IPMULTICAST 893D33F8
    Device \Driver\Tcpip \Device\IPMULTICAST 89484020
    Device \Driver\Tcpip \Device\IPMULTICAST 89518020

    AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    *********************************************************
    MBRCheck log
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-17 18:41:16
    -----------------------------
    18:41:16.796 OS Version: Windows 5.1.2600 Service Pack 3
    18:41:16.796 Number of processors: 1 586 0x204
    18:41:16.796 ComputerName: BMURPHY UserName:
    18:41:18.468 Initialize success
    18:41:33.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
    18:41:33.640 Disk 0 Vendor: ST340016 3.10 Size: 38166MB BusType: 3
    18:41:33.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0
    18:41:33.640 Disk 1 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    18:41:33.656 Disk 0 MBR read successfully
    18:41:33.656 Disk 0 MBR scan
    18:41:33.656 Disk 0 Windows XP default MBR code
    18:41:33.703 Disk 0 scanning sectors +78156225
    18:41:34.046 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:42:39.859 Service scanning
    18:42:41.593 Modules scanning
    18:44:10.656 Disk 0 trace - called modules:
    18:44:10.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IdeChnDr.sys
    18:44:10.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89797030]
    18:44:11.218 3 CLASSPNP.SYS[f7677fd7] -> nt!IofCallDriver -> \Device\00000062[0x89729f18]
    18:44:11.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x89729030]
    18:44:11.218 Scan finished successfully
    18:44:51.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brian Murphy\Desktop\Scan logs\2011-08-16\MBR.dat "
    18:44:51.625 The log file has been saved successfully to "C:\Documents and Settings\Brian Murphy\Desktop\Scan logs\2011-08-16\aswMBR.txt "

    *********************************************************
    DDS log - dds.txt
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Brian Murphy at 18:45:29.23 on Wed 08/17/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.546 [GMT -4:00]
    .
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Brian Murphy\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
    TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SmileboxTray] "c:\documents and settings\brian murphy\application data\smilebox\SmileboxTray.exe "
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe "
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe "
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [Nikon Transfer Monitor] "c:\program files\common files\nikon\monitor\NkMonitor.exe "
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe "
    mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe "
    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe "
    mRun: [<NO NAME>]
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe "
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [RegTask] "c:\program files\regtask\RegTask.exe "
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    StartupFolder: c:\docume~1\brianm~1\startm~1\programs\startup\weprin~1.lnk - c:\program files\weprint\WePrint Server.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
    R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-3-17 92008]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-30 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110815.002\naveng.sys [2011-8-15 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110815.002\navex15.sys [2011-8-15 1576312]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2009-10-25 57600]
    .
    =============== Created Last 30 ================
    .
    2011-08-15 23:30:55 -------- d-----w- c:\docume~1\brianm~1\applic~1\Malwarebytes
    2011-08-15 23:30:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-15 23:30:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-08-15 23:30:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 23:30:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-08-11 22:54:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 18:46:19.76 ===============


    *********************************************************
    DDS log - attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/17/2009 8:26:22 PM
    System Uptime: 8/16/2011 9:07:39 PM (21 hours ago)
    .
    Motherboard: Intel Corporation | | D845PT
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J1E1 | 2392/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 12.988 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 233 GiB total, 193.856 GiB free.
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&268D196D&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&268D196D&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP477: 6/25/2011 11:44:13 PM - System Checkpoint
    RP478: 6/27/2011 12:05:47 AM - System Checkpoint
    RP479: 6/27/2011 9:53:35 PM - Removed Adobe Reader 9.4.4.
    RP480: 6/27/2011 9:55:12 PM - Installed Adobe Reader X (10.1.0).
    RP481: 6/28/2011 11:16:16 PM - System Checkpoint
    RP482: 6/29/2011 3:00:18 AM - Software Distribution Service 3.0
    RP483: 6/30/2011 3:17:45 AM - System Checkpoint
    RP484: 7/1/2011 3:18:02 AM - System Checkpoint
    RP485: 7/2/2011 3:20:50 AM - System Checkpoint
    RP486: 7/3/2011 3:25:38 AM - System Checkpoint
    RP487: 7/4/2011 3:30:50 AM - System Checkpoint
    RP488: 7/5/2011 4:27:08 AM - System Checkpoint
    RP489: 7/6/2011 4:29:39 AM - System Checkpoint
    RP490: 7/7/2011 5:51:58 AM - System Checkpoint
    RP491: 7/8/2011 5:54:40 AM - System Checkpoint
    RP492: 7/9/2011 6:19:38 AM - System Checkpoint
    RP493: 7/10/2011 6:57:41 AM - System Checkpoint
    RP494: 7/11/2011 7:58:00 AM - System Checkpoint
    RP495: 7/12/2011 9:05:23 AM - System Checkpoint
    RP496: 7/13/2011 3:00:29 AM - Software Distribution Service 3.0
    RP497: 7/14/2011 3:05:52 AM - System Checkpoint
    RP498: 7/15/2011 3:30:24 AM - System Checkpoint
    RP499: 7/16/2011 3:42:29 AM - System Checkpoint
    RP500: 7/16/2011 4:29:09 PM - Software Distribution Service 3.0
    RP501: 7/17/2011 5:29:59 PM - System Checkpoint
    RP502: 7/19/2011 4:56:15 PM - System Checkpoint
    RP503: 7/20/2011 5:52:42 PM - System Checkpoint
    RP504: 7/21/2011 6:42:38 PM - System Checkpoint
    RP505: 7/22/2011 8:07:16 PM - System Checkpoint
    RP506: 7/23/2011 8:29:29 PM - System Checkpoint
    RP507: 7/24/2011 8:53:51 PM - System Checkpoint
    RP508: 7/30/2011 3:36:44 PM - System Checkpoint
    RP509: 7/31/2011 4:22:16 PM - System Checkpoint
    RP510: 8/1/2011 4:53:54 PM - System Checkpoint
    RP511: 8/2/2011 5:49:25 PM - System Checkpoint
    RP512: 8/3/2011 6:02:20 PM - System Checkpoint
    RP513: 8/4/2011 6:45:46 PM - System Checkpoint
    RP514: 8/5/2011 7:11:16 PM - System Checkpoint
    RP515: 8/6/2011 8:24:45 PM - System Checkpoint
    RP516: 8/7/2011 8:58:51 PM - System Checkpoint
    RP517: 8/8/2011 9:18:33 PM - System Checkpoint
    RP518: 8/9/2011 9:44:07 PM - System Checkpoint
    RP519: 8/10/2011 9:48:04 PM - System Checkpoint
    RP520: 8/11/2011 11:32:04 PM - System Checkpoint
    RP521: 8/13/2011 1:41:55 AM - System Checkpoint
    RP522: 8/14/2011 2:26:48 AM - System Checkpoint
    RP523: 8/15/2011 2:31:25 AM - System Checkpoint
    RP524: 8/16/2011 3:25:00 AM - System Checkpoint
    RP525: 8/17/2011 3:28:39 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    ActivClient CAC x86
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    Ask Toolbar
    Bing Bar
    Bing Bar Platform
    Bonjour
    BufferChm
    C6100
    c6100_Help
    Coupon Printer for Windows
    CouponBar
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    CustomerResearchQFolder
    Dell ResourceCD
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    DVD Decrypter (Remove Only)
    eSupportQFolder
    Fax_CDA
    File Uploader
    FlipShare
    FullDPAppQFolder
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    I.R.I.S. OCR
    InstantShareAlert
    InstantShareDevices
    InstantShareDevicesMFC
    Intel Application Accelerator
    InterVideo WinDVD
    iTunes
    Java(TM) 6 Update 26
    Karen's Replicator
    LiveUpdate 3.0 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Marketsplash Shortcuts
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Nero 7 Essentials
    NewCopy_CDA
    Nikon Message Center
    Nikon Transfer
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OCR Software by I.R.I.S 7.0
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PhotoGallery
    ProductContextNPI
    PRS-500 USB driver
    QuickTime
    RandMap
    Reader Library by Sony
    Readme
    Safari
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SlideShow
    Smilebox
    SolutionCenter
    Sonic_PrimoSDK
    Spy Sweeper
    Spy Sweeper Core
    Status
    Symantec AntiVirus
    TomTom HOME 2.6.1.1549
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    W Photo Studio
    WebFldrs XP
    WebReg
    WePrint
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Service Pack 3
    .
    ==== End Of File ===========================
     
  5. 2011/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2011/08/21
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    ComboFix would not run. In fact, nothing would run on the system...for some reason. Each time I attempted to run something, Windows wanted to know what program I wanted to run...similar to when Windows does not have a file association with something and prompts you to select a program to open it with. I even tried loading Windows in safe mode and had the same problem.

    I was able to run RKILL though and the log results were not much:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 08/21/2011 at 20:00:24.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 08/21/2011 at 20:00:31.
     
  7. 2011/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Better?
     
  8. 2011/08/22
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    ComboFix Log
    ComboFix 11-08-22.04 - Brian Murphy 08/22/2011 19:14:33.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.368 [GMT -4:00]
    Running from: c:\pnd\pd.exe
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-22 23:05 . 2011-08-22 23:09 -------- d-----w- C:\pnd
    2011-08-21 01:48 . 2011-08-21 01:48 -------- d-----w- c:\program files\Apple Software Update
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\Brian Murphy\Application Data\Malwarebytes
    2011-08-15 23:30 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-15 23:30 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-30 18:14 . 2011-07-30 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-11 22:54 . 2011-05-22 17:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-03 39408]
    "SmileboxTray"="c:\documents and settings\Brian Murphy\Application Data\Smilebox\SmileboxTray.exe" [2010-11-06 312640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    c:\documents and settings\Brian Murphy\Start Menu\Programs\Startup\
    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-11-24 2383360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 4:16 PM 207400]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 7:34 AM 115952]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/30/2010 11:50 PM 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 2:39 AM 105592]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 5:44 AM 57600]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-08-21 c:\windows\Tasks\At1.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-21 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-21 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-21 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-22 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    2011-08-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]
    .
    2011-08-21 c:\windows\Tasks\wrSpySweeper_LD3481E0C53CB4EEB9F794AE89BF03FC2.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-31 20:19]
    .
    2011-08-21 c:\windows\Tasks\wrSpySweeper_LD3481E0C53CB4EEB9F794AE89BF03FC2.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-31 20:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-nwiz - nwiz.exe
    HKLM-Run-NWEReboot - (no file)
    HKLM-Run-RegTask - c:\program files\RegTask\RegTask.exe
    AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files\Bing Bar Installer\InstallManager.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-22 19:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(568)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    - - - - - - - > 'explorer.exe'(1188)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
    c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
    c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
    c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-08-22 19:26:28
    ComboFix-quarantined-files.txt 2011-08-22 23:26
    .
    Pre-Run: 13,649,780,736 bytes free
    Post-Run: 15,714,512,896 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 399BC61B87119203C5DB2D941E1FAF4E


    ******************************************************************
    rkill log
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 08/22/2011 at 19:28:34.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 08/22/2011 at 19:28:48.
     
  9. 2011/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing?

    Uninstall Ask Toolbar, typical foistware.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
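As an added example (not part of this thread, of ComboFix, or of the helper's instructions), the Python below parses the "Reg Loading Points" section of a ComboFix log for the Security Center and firewall-policy settings that the script above resets, and rebuilds the matching Registry:: section; the sample dump is constructed from the values shown in this thread's log.

```python
"""Check a ComboFix "Reg Loading Points" dump for the Security Center and
firewall-policy tampering that the CFScript above resets, and build the
matching CFScript Registry:: section.

Added example for this thread; it is not part of ComboFix, and the sample
dump below is constructed from the values shown in the thread's log.
"""
import re

# (fragment of the key path, value name, value that indicates tampering,
#  value to restore).  The Security Center "override" flags silence the red
#  Security Center warning, DisableMonitoring hides the AV product from it,
#  and the firewall policy lines show the XP firewall switched off with its
#  notifications suppressed.
RULES = [
    ("security center", "AntiVirusOverride", 1, 0),
    ("security center", "FirewallOverride", 1, 0),
    ("security center\\monitoring", "DisableMonitoring", 1, 0),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, 1),
    ("firewallpolicy\\standardprofile", "DisableNotifications", 1, 0),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints either REG-style "Name"=dword:00000001 or "Name"= 1 (0x1).
VAL_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))\s*$'
)


def parse_reg_points(text):
    """Yield (key, value name, int value) for every numeric entry in the dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            value = int(m.group(2), 16) if m.group(2) is not None else int(m.group(3))
            yield key, m.group(1), value


def find_tampering(text):
    """Return [(key, name, current value, expected value)] for tampered settings."""
    findings = []
    for key, name, value in parse_reg_points(text):
        for fragment, rule_name, bad, good in RULES:
            if fragment in key.lower() and name == rule_name and value == bad:
                findings.append((key, name, value, good))
    return findings


def cfscript_registry_fix(findings):
    """Build the Registry:: section of a CFScript that restores each finding.

    Only full HKEY_* paths are emitted.  ComboFix abbreviates the firewall
    policy key as HKLM\\~\\..., so those findings are reported but left for
    a manual fix rather than guessed at.
    """
    by_key = {}
    for key, name, _bad, good in findings:
        if not key.upper().startswith("HKEY_"):
            continue
        by_key.setdefault(key, []).append(f'"{name}"=dword:{good:08x}')
    lines = ["Registry::"]
    for key, entries in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(entries)
    return "\n".join(lines) + "\n"


# Constructed sample: the relevant lines of the thread's second ComboFix log.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
"""

if __name__ == "__main__":
    found = find_tampering(SAMPLE_DUMP)
    for key, name, value, good in found:
        print(f"{key}\n  {name} = {value} (expected {good})")
    print()
    print(cfscript_registry_fix(found))
```

Run against the full log, the script prints the five tampered settings and a Registry:: section identical to the one in the instructions above; the two firewall-policy findings are listed for a manual check only.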
     
  10. 2011/08/24
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    The system appears much healthier than before. I do not see the Windows Security Center icon in the tray and I can enable/disable the Windows Firewall w/o a problem.

    Here is the latest Combofix log:
    -------------------------------------------------------------------------------------
    ComboFix 11-08-20.01 - Brian Murphy 08/24/2011 18:33:18.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.359 [GMT -4:00]
    Running from: c:\documents and settings\Brian Murphy\Desktop\ComboFix.exe
    Command switches used :: g:\malware - spyware - popup blockers\CFScript\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-23 18:34 . 2011-08-23 18:34 -------- d-----w- c:\documents and settings\Brian Murphy\Application Data\Catalina Marketing Corp
    2011-08-22 23:05 . 2011-08-22 23:09 -------- d-----w- C:\pnd
    2011-08-21 01:48 . 2011-08-21 01:48 -------- d-----w- c:\program files\Apple Software Update
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\Brian Murphy\Application Data\Malwarebytes
    2011-08-15 23:30 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-15 23:30 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 08:51 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 08:50 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-30 18:14 . 2011-07-30 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-11 22:54 . 2011-05-22 17:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2009-12-18 01:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-22_23.22.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-24 14:41 . 2011-08-24 14:41 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
    + 2009-12-18 02:11 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2009-12-18 02:11 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    - 2006-03-04 03:33 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 09:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-12-18 03:03 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2009-12-18 03:03 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-12-18 01:29 . 2011-08-24 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-18 01:29 . 2011-08-22 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-18 01:29 . 2011-08-24 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-12-18 01:29 . 2011-08-22 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-12-18 01:29 . 2011-08-22 22:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-12-18 01:29 . 2011-08-24 14:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-01-11 02:17 . 2011-08-22 23:36 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-08-22 23:31 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
    - 2004-08-04 10:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
    - 2009-03-08 09:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
    + 2009-03-08 09:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-04 10:00 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
    - 2004-08-04 10:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
    + 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
    - 2004-08-04 10:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2009-12-18 03:03 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-12-18 02:11 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
    - 2009-12-18 02:11 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
    - 2009-12-18 03:03 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2006-03-04 03:33 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2006-03-04 03:33 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-08 22:44 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-08 22:44 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2004-08-04 10:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2004-08-04 10:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2004-08-04 10:00 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
    - 2004-08-04 10:00 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-08-22 23:31 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
    + 2011-08-22 23:31 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
    + 2011-08-22 23:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
    + 2011-08-22 23:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
    + 2011-08-22 23:31 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
    + 2011-08-22 23:31 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
    + 2009-12-18 02:11 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    - 2009-12-18 02:11 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2006-03-18 11:09 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
    + 2006-03-23 17:32 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
    - 2009-03-08 09:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
    + 2009-03-08 09:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
    + 2006-03-18 11:09 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2006-03-23 17:32 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
    - 2009-12-18 03:03 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2011-07-27 11:42 . 2011-07-27 11:42 4985856 c:\windows\Installer\24b30a.msp
    - 2010-01-11 02:17 . 2011-07-13 07:02 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2010-01-11 02:17 . 2011-07-13 07:02 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-01-11 02:17 . 2011-08-22 23:36 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-08-22 23:31 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
    + 2011-08-22 23:31 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
    + 2011-08-22 23:31 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
    + 2009-12-18 02:48 . 2011-08-22 23:32 52390856 c:\windows\system32\MRT.exe
    - 2009-03-08 09:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
    + 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
    + 2009-12-18 03:03 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
    - 2009-12-18 03:03 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-08-22 23:31 . 2011-04-26 14:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-03 39408]
    "SmileboxTray"="c:\documents and settings\Brian Murphy\Application Data\Smilebox\SmileboxTray.exe" [2010-11-06 312640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    c:\documents and settings\Brian Murphy\Start Menu\Programs\Startup\
    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-11-24 2383360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 4:16 PM 207400]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 7:34 AM 115952]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/30/2010 11:50 PM 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 2:39 AM 105592]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 5:44 AM 57600]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-08-21 c:\windows\Tasks\At1.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-24 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-24 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-24 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-24 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    2011-08-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-24 18:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(568)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    - - - - - - - > 'explorer.exe'(5704)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
    c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
    c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
    c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-08-24 18:45:18
    ComboFix-quarantined-files.txt 2011-08-24 22:45
    ComboFix2.txt 2011-08-22 23:26
    .
    Pre-Run: 15,901,204,480 bytes free
    Post-Run: 15,882,137,600 bytes free
    .
    - - End Of File - - 6C9FAE3BDC3B9E17765423D76D76C798
     
  11. 2011/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news, but...it doesn't look like you ran my script in Combofix, as all the entries that were supposed to be removed are still there.

    Please retry.
     
  12. 2011/08/24
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    I will re-try and post the results again.

    Thanks
     
  13. 2011/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)...
     
  14. 2011/08/26
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    It looks like the system is infected with this: Trojan.ADH.2

    This is causing some strange behavior. For instance, I cannot run IE w/o being asked to select a program to run.

    I am currently running Malwarebytes.
     
  15. 2011/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    I still need a correct Combofix log.
     
  16. 2011/08/26
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    Ok, I'll get the exeHelper.com log file. I was trying to create a new Combofix log when I ran into this new issue and hope to have one posted in my next reply.

    Thanks for your help.
     
  17. 2011/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)....
     
  18. 2011/08/28
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    Here's the exehelper log...the following reply has the Combofix log I owe you.

    -------------------------------------------------------------------------------------
    exeHelper by Raktor
    Build 20100414
    Run at 19:03:28 on 08/22/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 19:47:53 on 08/28/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
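    The exeHelper log above reports resetting the .exe and .com file-type associations and the Winlogon userinit and shell values, which are the registry locations an "asked to select a program to run" symptom usually points at. As an added, read-only example (not part of this thread and not exeHelper's own code), the following PowerShell script reads those same locations plus the Start Menu Internet command that the first Malwarebytes log showed hijacked, and compares each against the stock Windows default so a helper can confirm a fix held. The function names are this example's own; the expected values assume a 32-bit Windows install with Internet Explorer under %ProgramFiles%, so adjust them for other layouts.

    ```powershell
    # Added example: audit the registry values an .exe/.com association hijack typically
    # touches. Reports only; it changes nothing. Function names and the comparison
    # logic are this example's own, not exeHelper's or ComboFix's.

    function Normalize-RegString {
        # Expand %VAR% references, drop surrounding/embedded quotes and trim, so that
        # "C:\Program Files\..." and C:\Program Files\... compare equal. Comparison is
        # case-insensitive at the call site.
        param([string]$Value)
        if ($null -eq $Value) { return $null }
        return ([Environment]::ExpandEnvironmentVariables($Value) -replace '"', '').Trim()
    }

    function Test-RegValue {
        param(
            [string]$Path,         # key path in Registry:: provider syntax
            [string]$Name,         # value name; '(default)' selects the key's default value
            [string]$Expected,     # stock Windows value for this entry (assumption for this example)
            [string]$Description
        )
        $item   = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.$Name } else { $null }
        $status = if ($null -eq $actual) { 'MISSING' }
                  elseif ((Normalize-RegString $actual) -ieq (Normalize-RegString $Expected)) { 'OK' }
                  else { 'SUSPECT' }
        [pscustomobject]@{ Status = $status; Check = $Description; Path = $Path; Actual = $actual; Expected = $Expected }
    }

    function Get-ExeAssociationAudit {
        $sys32    = Join-Path $env:windir 'system32'
        $winlogon = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        $results  = @(
            (Test-RegValue 'Registry::HKEY_CLASSES_ROOT\.exe' '(default)' 'exefile' '.exe extension maps to exefile'),
            (Test-RegValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' '(default)' '"%1" %*' 'exefile open command'),
            (Test-RegValue 'Registry::HKEY_CLASSES_ROOT\.com' '(default)' 'comfile' '.com extension maps to comfile'),
            (Test-RegValue 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command' '(default)' '"%1" %*' 'comfile open command'),
            (Test-RegValue $winlogon 'Userinit' "$sys32\userinit.exe," 'Winlogon Userinit'),
            (Test-RegValue $winlogon 'Shell' 'Explorer.exe' 'Winlogon Shell'),
            (Test-RegValue 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command' `
                '(default)' "`"$env:ProgramFiles\Internet Explorer\iexplore.exe`"" 'Start Menu Internet Explorer command')
        )

        # A stock .exe extension key carries no shell subkey of its own: the open command
        # lives under exefile. A shell\open\command directly under HKCR\.exe (the entry the
        # first Malwarebytes log in this thread quarantined) overrides the exefile handler.
        foreach ($ext in '.exe', '.com') {
            $extShell = "Registry::HKEY_CLASSES_ROOT\$ext\shell"
            $status   = if (Test-Path -LiteralPath $extShell) { 'SUSPECT' } else { 'OK' }
            $results += [pscustomobject]@{ Status = $status; Check = "$ext has no private shell subkey"; Path = $extShell; Actual = $null; Expected = '(absent)' }
        }
        return $results
    }

    # Usage: list every check, then summarise anything that is not OK.
    $audit = Get-ExeAssociationAudit
    $audit | Format-Table Status, Check, Actual -AutoSize
    $bad = @($audit | Where-Object { $_.Status -ne 'OK' })
    Write-Host ("{0} check(s) need attention." -f $bad.Count)
    ```

    The script needs an elevated prompt only for reading HKLM keys with restricted ACLs; on a default install a standard user can read all of them. A MISSING result for the Winlogon values or for exefile\shell\open\command is as significant as a SUSPECT one, since both leave Windows unable to launch executables normally.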
     
  19. 2011/08/28
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    Combofix log:

    ComboFix 11-08-25.05 - Brian Murphy 08/28/2011 20:20:36.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.429 [GMT -4:00]
    Running from: c:\documents and settings\Brian Murphy\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brian Murphy\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    FILE ::
    "c:\windows\Tasks\At1.job "
    "c:\windows\Tasks\At2.job "
    "c:\windows\Tasks\At3.job "
    "c:\windows\Tasks\At4.job "
    "c:\windows\Tasks\Scheduled Update for Ask Toolbar.job "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\comct332.ocx
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-28 23:29 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2011-08-28 23:29 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-08-23 18:34 . 2011-08-23 18:34 -------- d-----w- c:\documents and settings\Brian Murphy\Application Data\Catalina Marketing Corp
    2011-08-22 23:05 . 2011-08-26 12:23 -------- d-----w- C:\pnd
    2011-08-21 01:48 . 2011-08-21 01:48 -------- d-----w- c:\program files\Apple Software Update
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\Brian Murphy\Application Data\Malwarebytes
    2011-08-15 23:30 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-15 23:30 . 2011-08-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-15 23:30 . 2011-08-26 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-15 23:30 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 08:51 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 08:50 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-30 18:14 . 2011-07-30 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-11 22:54 . 2011-05-22 17:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2009-12-18 01:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-08-24_22.42.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-29 00:08 . 2011-08-29 00:08 16384 c:\windows\Temp\Perflib_Perfdata_b24.dat
    + 2009-12-18 01:29 . 2011-08-29 00:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-18 01:29 . 2011-08-24 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-18 01:29 . 2011-08-29 00:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-12-18 01:29 . 2011-08-24 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-12-18 01:29 . 2011-08-29 00:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-12-18 01:29 . 2011-08-24 14:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-03 39408]
    "SmileboxTray "= "c:\documents and settings\Brian Murphy\Application Data\Smilebox\SmileboxTray.exe" [2010-11-06 312640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Nikon Transfer Monitor "= "c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Reader Library Launcher "= "c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "Bing Bar "= "c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
    "acevents "= "c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub "= "c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "ApnUpdater "= "c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "SpySweeper "= "c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    c:\documents and settings\Brian Murphy\Start Menu\Programs\Startup\
    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-11-24 2383360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 20:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 20:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    .
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 4:16 PM 207400]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 7:34 AM 115952]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/30/2010 11:50 PM 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 2:39 AM 105592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:05 AM 135664]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 5:44 AM 57600]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:04]
    .
    2011-08-29 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-28 20:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(552)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\windows\system32\WINSPOOL.DRV
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    Completion time: 2011-08-28 20:32:24
    ComboFix-quarantined-files.txt 2011-08-29 00:32
    ComboFix2.txt 2011-08-24 22:45
    ComboFix3.txt 2011-08-22 23:26
    .
    Pre-Run: 15,350,005,760 bytes free
    Post-Run: 15,335,288,832 bytes free
    .
    - - End Of File - - F1AED4370D1A1F89E322ABE510FF5332
     
  20. 2011/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now you're talking :)

    How is the machine doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2011/08/28
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    The system keeps reverting to a strange state...as if it loses the ability to do anything. Since the last exehelper scan it is much better. I am running OTL right now and will post the log shortly.
     