Topic: Catalyst control...
« on: November 20, 2011, 11:00:20 »
Cgolf1
It looks like I got a virus last night that I was able to take care of for the most part. All my windows suddenly closed and I lost all my desktop icons. I was getting messages that the host for Catalyst Control was no longer responding, and several pop-up windows wanting me to purchase phony remedies for the problem. I was able to run Malwarebytes, which seemed to find and eliminate most of the virus. I did a system restore to the last saved time before the virus and got back my desktop icons. What is still happening is that I am still getting a window saying that Catalyst Control is still not responding, and although my favorites are still in my computer somewhere, I cannot see them under my favorites "star." I've included a HJT log and the log from the Malwarebytes scan I did last night. Thanks for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:48 PM, on 11/20/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\IOI\ButtonMonitor.exe
C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {5BCC24A7-7D3F-4CC9-AC86-4380FCD68D1E} (PCInfoOcxEN Control) - http://esupport.trendmicro.com/_layouts/1033/GetPCInfo.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c990531b60361d) (gupdate1c990531b60361d) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbx_device -   - C:\Windows\system32\lxbxcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 11758 bytes



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/20/2011 1:07:21 AM
mbam-log-2011-11-20 (01-07-21).txt

Scan type: Quick scan
Objects scanned: 185204
Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\opujxukltoth.exe (Trojan.FakeAlert) -> 2664 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpUJxuKltOTh.exe (Trojan.FakeAlert) -> Value: OpUJxuKltOTh.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\opujxukltoth.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\chris\AppData\Local\temp\zjyz8vvu3uet7z.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\chris\AppData\Local\temp\0.6277832961700487.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
« Reply #1 on: November 20, 2011, 12:03:30 »
dvk01 (Administrator)
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.
Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it, rename it to username123.exe

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
Derek Microsoft MVP/Windows - Security   Thespykiller  How to protect yourself and other  Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
« Reply #2 on: November 20, 2011, 12:55:33 »
Cgolf1
Didn't get the Catalyst message when the system restarted. Still don't have Favorites, despite them being somewhere in the computer. I'm sure this is an easy fix to make them visible, but I don't know what to do.
« Reply #3 on: November 20, 2011, 17:24:11 »
Cgolf1
Despite having said that the Catalyst Control Centre message didn't come up after the ComboFix run, it has come up again. I also have to search to find many of my files. They are on my computer, but it seems as if there is something checked that is making me search to find them.
« Reply #4 on: November 20, 2011, 23:29:16 »
dvk01 (Administrator)
When you get round to following my instructions, then I might be able to see something.

Where is the ComboFix log?
« Reply #5 on: November 21, 2011, 14:17:33 »
Cgolf1
Sorry, honest mistake. I copied the log and forgot to paste it after writing the reply. I have used you guys several times over the last few years and have always been nothing but appreciative. No need for the sarcasm. That being said, I can no longer find the log. I have a username123 file; would it be in there? If not, would running it again help? Sorry to create the extra work.
« Reply #6 on: November 22, 2011, 03:56:50 »
dvk01 (Administrator)
Look for it in C:\qoobox.
It might be inside the quarantine folder there.
« Reply #7 on: November 22, 2011, 14:22:37 »
Cgolf1
Amazingly, there is a ComboFix log from a few weeks before, but not the one from the 20th. What I do have from the 20th is the txt of what was quarantined. I know that is not what you are looking for. The big pain in the ass now is that the majority of my files and pictures are labeled hidden, and I have to go into properties and uncheck the box for each individual file. My folder options are set to 'show hidden files'. Anyway, below is that quarantine log.

2011-11-20 20:40:55 . 2011-11-20 20:40:55            1,054 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-StartNow Toolbar.reg.dat
2011-11-20 20:40:55 . 2011-11-20 20:40:55            1,380 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-11-20 20:40:25 . 2011-11-20 20:40:25              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B}.reg.dat
2011-11-20 20:40:25 . 2011-11-20 20:40:25              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-11-20 20:22:47 . 2011-11-20 20:22:47            4,464 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
2011-11-20 20:22:31 . 2011-11-20 20:22:31            3,645 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-11-20 20:12:46 . 2011-11-20 20:15:10              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
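The two leftover effects this thread describes, user files flagged Hidden and the Explorer Start Menu values that Malwarebytes reported as "Bad: (0) Good: (1)", are the kind of thing a helper would clean up with a script once the malware itself is gone. The PowerShell below is an added example, not something posted in the thread; it assumes the affected files live under the current user's profile and that anything outside AppData carrying the Hidden attribute without the System attribute was set by the rogue.

```powershell
# Added example (not from the thread): undo two FakeAlert side effects described above.
# Run from PowerShell in the affected user's account; pass -Preview to see what would change.
param(
    [string]$Root = $env:USERPROFILE,   # assumption: hidden user data lives under the profile
    [switch]$Preview
)

# 1. Restore the two Explorer values the Malwarebytes log listed as PUM.Hijack.StartMenu.
#    The log shows the expected value as 1 ("Good: (1)"); the rogue had set them to 0.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
foreach ($name in 'Start_ShowMyComputer', 'Start_ShowSearch') {
    $current = (Get-ItemProperty -Path $advanced -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -ne 1) {
        Write-Output "Resetting $name from '$current' to 1"
        if (-not $Preview) {
            Set-ItemProperty -Path $advanced -Name $name -Value 1 -Type DWord
        }
    }
}

# 2. Clear the Hidden attribute on user data. Items that are also marked System
#    (desktop.ini, NTUSER.DAT and similar) are legitimately hidden and are left alone,
#    as is everything under AppData (assumption: the rogue only touched visible user folders).
$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
$unhidden = 0

Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $hidden) -ne 0) -and
        (($_.Attributes -band $system) -eq 0) -and
        ($_.FullName -notlike (Join-Path $Root 'AppData\*'))
    } |
    ForEach-Object {
        Write-Output "Unhiding $($_.FullName)"
        if (-not $Preview) {
            # Remove only the Hidden bit; keep ReadOnly, Archive and the rest as they were.
            $_.Attributes = $_.Attributes -band (-bnot $hidden)
        }
        $unhidden++
    }

Write-Output "Cleared Hidden on $unhidden item(s) under $Root"
```

Folders are processed as well as files, so a hidden Pictures folder and its contents are both restored in one pass.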
« Reply #8 on: November 22, 2011, 14:34:43 »
dvk01 (Administrator)
In that case ComboFix didn't complete its run.

Please run it again.
« Reply #9 on: November 22, 2011, 18:22:56 »
Cgolf1
Combofix log:

ComboFix 11-11-22.03 - chris 11/22/2011  20:55:18.4.3 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2239 [GMT -5:00]
Running from: c:\users\chris\Desktop\username123.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-23 to 2011-11-23  )))))))))))))))))))))))))))))))
.
.
2011-11-23 02:05 . 2011-11-23 02:05   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-22 21:18 . 2011-10-07 04:16   8570192   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{44289D10-46BA-4BEC-A40B-504E0838DCAB}\mpengine.dll   ERROR(0x00000005)
2011-11-13 02:37 . 2011-11-13 02:39   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 16:22 . 2011-11-12 16:22   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-11-09 12:00 . 2011-09-20 21:06   1426304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-09-30 16:16   893440   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 12:00 . 2011-09-30 16:16   50688   ----a-w-   c:\program files\Windows Mail\wabimp.dll
2011-11-09 12:00 . 2011-09-30 15:57   707584   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-10-24 20:22 . 2011-10-24 20:22   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:21 . 2008-09-09 00:24   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2011-10-24 20:21 . 2008-09-09 00:24   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2011-10-16 14:43 . 2011-06-12 14:08   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2008-07-08 04:13   8570192   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll   ERROR(0x00000005)
2011-09-06 13:56 . 2011-10-11 19:44   2764288   ----a-w-   c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 03:22   2309120   ----a-w-   c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 03:22   1389056   ----a-w-   c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 03:22   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 03:22   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2009-05-27 23:31   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
2011-08-25 16:20 . 2011-10-11 19:44   735744   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-11 19:44   847360   ----a-w-   c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-11 19:44   332288   ----a-w-   c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-11 19:44   555520   ----a-w-   c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-11 19:44   563712   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-11 19:44   238080   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\SysWow64\oleaccrc.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-20_20.30.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-11-23 02:08   76726              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-23 02:08   89370              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 22:36 . 2011-11-23 02:08   16798              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968901160-2759726070-778273491-1000_UserData.bin
- 2008-07-07 22:31 . 2011-11-20 19:14   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-07 22:31 . 2011-11-23 01:50   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-07 22:31 . 2011-11-23 01:50   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-07 22:31 . 2011-11-20 19:14   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 22:31 . 2011-11-23 01:50   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-07 22:31 . 2011-11-20 19:14   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-20 20:29 . 2011-11-20 20:29   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-23 02:06 . 2011-11-23 02:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-20 20:29 . 2011-11-20 20:29   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-23 02:06 . 2011-11-23 02:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2011-11-20 16:55   689246              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-21 00:52   689246              c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-20 16:55   139876              c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-11-21 00:52   139876              c:\windows\system32\perfc009.dat
+ 2009-07-05 17:33 . 2011-11-21 22:18   262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-05 17:33 . 2011-11-20 15:26   262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-09 11:52 . 2011-11-20 20:28   340848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-09 11:52 . 2011-11-23 02:05   340848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-08 04:36 . 2011-11-23 02:05   5784244              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-8192.dat
+ 2011-05-08 04:36 . 2011-11-23 02:05   43100912              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-4096.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ButtonMonitor"="c:\program files (x86)\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-24 273528]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-6-23 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c990531b60361d;Google Update Service (gupdate1c990531b60361d);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys
R3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 42768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-10-08 917768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 23:55   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-03 20:50]
.
2011-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 00:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.espn.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
.
**************************************************************************
.
Completion time: 2011-11-22  21:20:09 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-23 02:20
ComboFix2.txt  2011-11-20 20:42
ComboFix3.txt  2011-11-13 02:20
.
Pre-Run: 191,919,788,032 bytes free
Post-Run: 191,761,608,704 bytes free
.
- - End Of File - - 18C44A358FA49FD23868E19644B0648A
« Reply #10 on: November 22, 2011, 23:50:16 »
dvk01 Offline
Administrator WWW

Karma: 9
Posts: 327



Now please go to C:\qoobox and find ComboFix2.txt and ComboFix3.txt.

Upload those two files so we can see what it fixed the first two times you ran it. They might be inside the quarantine folder inside qoobox.

Derek Microsoft MVP/Windows - Security   Thespykiller  How to protect yourself and other  Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
« Reply #11 on: November 23, 2011, 15:11:57 »
Cgolf1 Offline
Jr. Member

**

Karma: 0
Posts: 89



Here is the ComboFix2 log, followed by ComboFix3.


ComboFix 11-11-20.01 - chris 11/20/2011  15:18:03.3.3 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2384 [GMT -5:00]
Running from: c:\users\chris\Desktop\username123.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-20 to 2011-11-20  )))))))))))))))))))))))))))))))
.
.
2011-11-20 20:27 . 2011-11-20 20:30   --------   d-----w-   c:\users\chris\AppData\Local\temp
2011-11-20 20:27 . 2011-11-20 20:27   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-20 15:32 . 2011-10-07 04:16   8570192   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D6C69EE2-17B0-4BCC-9C97-45A7C5206673}\mpengine.dll   ERROR(0x00000005)
2011-11-13 02:37 . 2011-11-13 02:39   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 16:22 . 2011-11-12 16:22   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-11-09 12:00 . 2011-09-20 21:06   1426304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-09-30 16:16   893440   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 12:00 . 2011-09-30 16:16   50688   ----a-w-   c:\program files\Windows Mail\wabimp.dll
2011-11-09 12:00 . 2011-09-30 15:57   707584   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-10-24 20:22 . 2011-10-24 20:22   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:21 . 2008-09-09 00:24   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2011-10-24 20:21 . 2008-09-09 00:24   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2011-10-16 14:43 . 2011-06-12 14:08   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2008-07-08 04:13   8570192   ------w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll   ERROR(0x00000005)
2011-09-06 13:56 . 2011-10-11 19:44   2764288   ----a-w-   c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 03:22   2309120   ----a-w-   c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 03:22   1389056   ----a-w-   c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 03:22   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 03:22   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2009-05-27 23:31   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
2011-08-25 16:20 . 2011-10-11 19:44   735744   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-11 19:44   847360   ----a-w-   c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-11 19:44   332288   ----a-w-   c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-11 19:44   555520   ----a-w-   c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-11 19:44   563712   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-11 19:44   238080   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\SysWow64\oleaccrc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ButtonMonitor"="c:\program files (x86)\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-24 273528]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-6-23 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c990531b60361d;Google Update Service (gupdate1c990531b60361d);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys
R3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 42768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-10-08 917768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 23:55   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-03 20:50]
.
2011-11-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 00:46]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"combofix"="c:\username123\CF12432.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.espn.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
.
**************************************************************************
.
Completion time: 2011-11-20  15:42:08 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-20 20:42
ComboFix2.txt  2011-11-13 02:20
.
Pre-Run: 191,265,763,328 bytes free
Post-Run: 191,057,469,440 bytes free
.
- - End Of File - - 09D213BB138A62ABA87352C70512ED26




ComboFix 11-11-12.04 - chris 11/12/2011  20:55:37.2.3 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2387 [GMT -5:00]
Running from: c:\users\chris\Downloads\ComboFix.exe
Command switches used :: c:\users\chris\Downloads\CFScript.txt
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-13 to 2011-11-13  )))))))))))))))))))))))))))))))
.
.
2011-11-13 02:04 . 2011-11-13 02:04   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-12 16:22 . 2011-11-12 16:22   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-11-11 19:58 . 2011-10-07 04:16   8570192   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D2B54B0E-8E93-44E5-949E-658D70C95AEB}\mpengine.dll   ERROR(0x00000005)
2011-11-09 12:00 . 2011-09-20 21:06   1426304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 12:00 . 2011-09-30 16:16   893440   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 12:00 . 2011-09-30 16:16   50688   ----a-w-   c:\program files\Windows Mail\wabimp.dll
2011-11-09 12:00 . 2011-09-30 15:57   707584   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 02:29 . 2011-11-09 02:29   --------   d-----w-   c:\program files (x86)\MSN Toolbar
2011-11-09 02:28 . 2011-11-09 02:29   --------   d-----w-   c:\program files (x86)\Ask.com
2011-11-09 02:28 . 2011-11-09 02:28   --------   d-----w-   C:\Firefox
2011-11-09 02:28 . 2011-11-09 02:29   --------   d-----w-   c:\program files (x86)\Bing Bar Installer
2011-10-24 20:22 . 2011-10-24 20:22   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2011-10-14 22:05 . 2011-10-14 22:05   --------   d-----w-   c:\program files\iPod
2011-10-14 22:04 . 2011-10-14 22:05   --------   d-----w-   c:\program files\iTunes
2011-10-14 22:00 . 2011-10-14 22:00   --------   d-----w-   c:\program files\Bonjour
2011-10-14 22:00 . 2011-10-14 22:00   --------   d-----w-   c:\program files (x86)\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:21 . 2008-09-09 00:24   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2011-10-24 20:21 . 2008-09-09 00:24   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2011-10-16 14:43 . 2011-06-12 14:08   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2008-07-08 04:13   8570192   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll   ERROR(0x00000005)
2011-09-06 13:56 . 2011-10-11 19:44   2764288   ----a-w-   c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 03:22   2309120   ----a-w-   c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 03:22   1389056   ----a-w-   c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 03:22   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 03:22   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 03:22   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
2011-08-25 16:20 . 2011-10-11 19:44   735744   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-11 19:44   847360   ----a-w-   c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-11 19:44   332288   ----a-w-   c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-11 19:44   555520   ----a-w-   c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-11 19:44   563712   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-11 19:44   238080   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-11 19:44   4096   ----a-w-   c:\windows\SysWow64\oleaccrc.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-12_19.24.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-11-13 02:08   75566              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-13 02:08   88934              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 22:36 . 2011-11-13 02:08   16212              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968901160-2759726070-778273491-1000_UserData.bin
- 2008-07-07 22:31 . 2011-11-12 18:49   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-07 22:31 . 2011-11-12 22:29   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-07 22:31 . 2011-11-12 22:29   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-07 22:31 . 2011-11-12 18:49   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 22:31 . 2011-11-12 22:29   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-07 22:31 . 2011-11-12 18:49   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-12 19:23 . 2011-11-12 19:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-13 02:06 . 2011-11-13 02:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-13 02:06 . 2011-11-13 02:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-12 19:23 . 2011-11-12 19:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-11-13 01:19   689246              c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-12 15:11   689246              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-13 01:19   139876              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-11-12 15:11   139876              c:\windows\system32\perfc009.dat
+ 2011-02-09 11:52 . 2011-11-13 02:05   340848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-09 11:52 . 2011-11-12 19:21   340848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-08 04:36 . 2011-11-13 02:05   5750008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-8192.dat
- 2011-05-08 04:36 . 2011-11-12 19:21   5750008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-8192.dat
+ 2011-05-08 04:36 . 2011-11-13 02:05   42621480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-4096.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-18 00:40   1492456   ----a-w-   c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-18 1492456]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ButtonMonitor"="c:\program files (x86)\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-24 273528]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-18 395240]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-6-23 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c990531b60361d;Google Update Service (gupdate1c990531b60361d);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys
R3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 42768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-10-08 917768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 23:55   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-03 20:50]
.
2011-11-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 00:46]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.espn.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-11-12  21:20:32 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-13 02:20
ComboFix2.txt  2011-11-12 19:38
.
Pre-Run: 190,004,047,872 bytes free
Post-Run: 189,737,447,424 bytes free
.
- - End Of File - - B87934978D94E4E77D29BA8512406E28
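The ComboFix log above is, for the most part, an inventory of autostart locations: the 32-bit and 64-bit Run keys, the per-user and all-users Startup folders, services, scheduled tasks and the "ORPHANS REMOVED" list of registry references whose target file is gone. A responder reads that list by eye for a few recurring signals: anything launched from a user-writable path, a bare file name with no directory (resolved through the search path, so the binary that actually runs is not visible), a file dated within days of the incident, and dangling references left behind by a removal. The script below is an added example (not ComboFix code and not part of this thread) that parses those three line shapes and applies exactly those checks. The sample log is a constructed excerpt: the StartCCC, ApnUpdater, RtHDVCpl, OneNote and WebBrowser lines are copied from the posted log, while the "ExampleUpdater" value is invented so the user-profile rule has something to fire on and does not appear in the user's log. The incident date is taken from the opening post ("last night", posted 11/20/2011).

```python
"""Triage of ComboFix-style autorun output (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Constructed sample modelled on the log posted in the thread. The StartCCC,
# ApnUpdater, RtHDVCpl, OneNote and WebBrowser lines are copied from it; the
# "ExampleUpdater" value is invented for this example and is NOT in the user's log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-18 395240]
"ExampleUpdater"="c:\users\chris\AppData\Roaming\example\upd.exe" [2011-11-19 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
'''

# Night of the infection as described in the opening post ("last night", posted 11/20/2011).
INCIDENT_DATE = date(2011, 11, 19)

# The three line shapes ComboFix uses for autostart entries.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
STARTUP_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+) \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
ORPHAN_RE = re.compile(r'^(?P<name>\S+) - \(no file\)$')

# Path fragments a standard user can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str                 # "run", "startup" or "orphan"
    name: str
    path: str
    modified: Optional[date]  # the file date ComboFix prints as [date size]
    size: Optional[int]


@dataclass
class Finding:
    severity: str             # "high", "medium" or "info"
    name: str
    reason: str


def _parse_date(text: str) -> date:
    # ComboFix prints unpadded months and days, e.g. 2009-2-26.
    year, month, day = (int(p) for p in text.split("-"))
    return date(year, month, day)


def parse_log(text: str) -> List[Entry]:
    """Pull Run values, Startup-folder .lnk lines and '(no file)' orphans out of the log."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            kind = "run" if line.startswith('"') else "startup"
            entries.append(Entry(kind, m["name"], m["path"], _parse_date(m["date"]), int(m["size"])))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry("orphan", m["name"], "", None, None))
    return entries


def triage(entries: List[Entry], incident: date = INCIDENT_DATE, recent_days: int = 14) -> List[Finding]:
    """Apply the checks a responder otherwise runs over the autorun list by eye."""
    findings: List[Finding] = []
    for e in entries:
        if e.kind == "orphan":
            findings.append(Finding("info", e.name, "dangling reference, no file on disk; verify it stays removed"))
            continue
        lowered = e.path.lower()
        if any(marker in lowered for marker in USER_WRITABLE):
            findings.append(Finding("high", e.name, f"autorun from a user-writable location: {e.path}"))
        if "\\" not in e.path:
            findings.append(Finding("medium", e.name, f"bare file name {e.path}; resolved via the search path, confirm which binary runs"))
        if e.modified and abs((incident - e.modified).days) <= recent_days:
            findings.append(Finding("medium", e.name, f"file dated {e.modified}, within {recent_days} days of the incident"))
    return findings


def triage_text(text: str, incident: date = INCIDENT_DATE) -> List[Finding]:
    return triage(parse_log(text), incident)


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.name}: {f.reason}")
```

Run against the sample, the constructed "ExampleUpdater" entry is the only high finding (user profile path and a file date on the incident night); RtHDVCpl is flagged only because ComboFix shows no directory for it, and the WebBrowser orphan is reported as informational since ComboFix has already removed it. Entries such as StartCCC and the OneNote launcher produce nothing, which is the point: the rules surface what is worth a second look rather than judging whether a given product is wanted.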
« Reply #12 on: November 23, 2011, 23:59:28 »
dvk01 (Administrator)

ComboFix doesn't seem to have done anything at all.
I really haven't got any ideas here, and all I can suggest is reinstalling your graphics drivers to get the Catalyst Control Centre back.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
*  Click START then RUN
*  Now type Combofix /Uninstall in the runbox and click OK.  Note the space between the X and the /U; it needs to be there.


And scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer, and update whatever it suggests.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back and tell us.
Derek, Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice