Options

Nexplore Pop Ups! Please Help!

Unknown
edited July 2009 in Spyware & Virus Removal
Recently started having the pop ups from Nexplore, not sure where it got picked up but having a hard time figuring out how to remove it. Any that can help would be great!

Thank You!
-J

Comments

  • KatanaKatana
    edited July 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly laechel.gif

    Some of the logs I request will be quite large, You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe




    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • jsaintp45
    edited July 2009
    Well I have tried 4 times now to run RSIT.exe it starts, looks like it does the HiJackThis step then goes off the screen like it is stopping whatever it is doing.
  • KatanaKatana
    edited July 2009
    Have a look for C:\RSIT folder, if there are two files in there please post the contents.
    If not then do the following


    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt will open.
    • Click Yes at the next prompt for Optional Scan.
    • Save both reports to your desktop.

    Please include the contents of the following in your next reply:

    DDS.txt

    Attach the following report to your post by clicking the Manage Attachments button under Additonal Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

    Attach.txt

    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • jsaintp45
    edited July 2009
    attached are the DSS.txt and Attach.txt
  • jsaintp45
    edited July 2009
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-20 11:46:04
    Windows 6.0.6001 Service Pack 1


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----
  • KatanaKatana
    edited July 2009
    Information

    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.1.2
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.


    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Step 2


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix..



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • MalwareBytes Log
    • Combofix Log
    • How are things running now ?






    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts




    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)

    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) .
    If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
    • Adobe Reader 8.1.3
      Java(TM) 6 Update 13
      Java(TM) 6 Update 5
      Java(TM) 6 Update 7
    Now close the Control Panel.
  • jsaintp45
    edited July 2009
    Malwarebytes' Anti-Malware 1.39
    Database version: 2468
    Windows 6.0.6001 Service Pack 1

    7/20/2009 6:56:20 PM
    mbam-log-2009-07-20 (18-56-20).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 258780
    Time elapsed: 37 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 198

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack (keygen is included).zip\setup.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack (keygen is included).zip\keygen_by_ssg\keygen_by_SSG.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack + crack.zip\CORE10k.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack + crack.zip\CRACK_BY_CORE.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\els32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\els3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\encapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\clusapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\CRPPresentation32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\AuthFWGP32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\AuxiliaryDisplayCpl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\avifile32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\batmeter32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\BFE32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\bitsigd32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\bitsprx332.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\bitsprx432.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\browser32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\bthci32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\bthserv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\btpanui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cabinet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cabview32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\CardGames32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\CardGames3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cdosys32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\certcli32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\certenc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\CertEnroll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\certprop32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cewmdm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cfgbkend32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cfgbkend3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\chsbrkr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\clb32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\clbcatq32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\clfsw3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\clfsw323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cliconfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cliconfg3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\colbact32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\colbact3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comcat32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comdlg3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\COMMDLG32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\COMMDLG3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\compobj32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comsnap32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comsnap3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comsvcs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\comsvcs3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\corpol32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\corpol3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\credui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cryptsvc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cryptui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cscapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\csrsrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\ctl3dv232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d10core32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d10_132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d10_1core32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dataclen32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dataclen3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\davclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dbgeng32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dbgeng3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dbghelp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dbnmpntw32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DDACLSys32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DDEML32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\deskperf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\devenum32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\devenum3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\devenum323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\devenum32323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\devmgr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfrgifps32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dhcpcmonitor32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dhcpcsvc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dhcpcsvc3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dhcpcsvc632.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DHCPQEC32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DHCPQEC3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\diagperf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\difxapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmband32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmcompos32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmdlgs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmdskmgr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmdskres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmdskres3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmusic32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmvdsitf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmvdsitf3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dnssd32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\docprop32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnhpast32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnhupnp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnhupnp3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnhupnp323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnhupnp32323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnlobby32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpnlobby3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpwsockx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dpwsockx3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\drmmgrtn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dsuiext3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dswave32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dtsh32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dtsh3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dwmapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dxdiagn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\FDResPub32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\fdSSDP32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\fdSSDP3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\fdSSDP323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\fdWNet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\findnetprinters32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\fmifs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\framebuf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d832.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\gacinstall32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\GameUXLegacyGDFs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\hccutils32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dxva232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\EncDump32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\eqossnap32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\es32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\escwiad32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\esent32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\esent3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\esentprf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dimsjob32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dimsroam32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dimsroam3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dimsroam323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dinput832.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dinput83232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\diskcopy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmintf3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmintf323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmintf32323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmloader32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmloader3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmocx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmocx3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmscript32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmstyle32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmsynth32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dmsynth3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\ddrawex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\deploytk32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\deploytk3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\deskmon32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\deskmon3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DfrgRes32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DfrgRes3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfshim32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfshim3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfshim323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfsrres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dfsrres3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\DfsShlEx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dot3api32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dot3cfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dot3dlg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dot3gpclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\dot3svc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d83232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d8323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d832323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d8thk32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3d932.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dim32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dim3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dim323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dim70032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dim7003232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dramp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\d3dxof32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmcfg3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmdial3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmdial323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmicryptinstall32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmifw32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cmlua32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\CRPPresentation3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\crypt3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\crypt323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\crypt32323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cryptdll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\Windows\System32\cryptdll3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
  • jsaintp45
    edited July 2009
    ComboFix 09-07-20.01 - Jen n Justin 07/20/2009 19:17.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1151 [GMT -4:00]
    Running from: c:\users\Jen n Justin\Desktop\ComboFix.exe
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1839411324-4190511756-3834475105-1001
    c:\$recycle.bin\S-1-5-21-1839411324-4190511756-3834475105-500
    c:\users\Jen n Justin\AppData\Roaming\inst.exe
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\Downloaded Program Files\CpnMgr.dll
    c:\windows\Installer\1f56b.msi
    c:\windows\Installer\62c40.msi
    c:\windows\system32\ctl3d3232.dll
    c:\windows\system32\mJj3nBR.vbs
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
    .

    2009-07-20 22:09 . 2009-07-20 22:09
    d
    w- c:\users\Jen n Justin\AppData\Roaming\Malwarebytes
    2009-07-20 22:09 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-20 22:09 . 2009-07-20 22:09
    d
    w- c:\programdata\Malwarebytes
    2009-07-20 22:09 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-20 22:09 . 2009-07-20 22:09
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-20 22:05 . 2009-07-20 22:07
    d
    w- c:\users\Jen n Justin\.SunDownloadManager
    2009-07-20 03:00 . 2009-07-20 03:00
    d
    w- C:\rsit
    2009-07-15 22:53 . 2009-07-15 22:58
    d
    w- c:\programdata\FLEXnet
    2009-07-15 22:47 . 2009-07-15 22:47
    d
    w- c:\program files\Adobe Media Player
    2009-07-15 22:44 . 2009-07-15 22:44
    d
    w- c:\program files\Common Files\Adobe AIR
    2009-07-15 22:04 . 2009-07-15 22:21
    d
    w- c:\users\Jen n Justin\AppData\Roaming\Download Manager
    2009-07-15 10:42 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
    2009-07-15 10:42 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
    2009-07-15 10:42 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
    2009-07-14 20:13 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-14 20:13 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-14 20:13 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-14 20:13 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-07 16:14 . 2009-07-07 16:16
    d
    w- c:\program files\RescuePRO
    2009-06-29 04:39 . 2009-06-29 04:39
    d
    w- c:\program files\1964
    2009-06-29 04:18 . 2009-06-29 04:18 8854 ----a-r- c:\users\Jen n Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2009-06-29 04:18 . 2009-06-29 04:18 40960 ----a-r- c:\users\Jen n Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2009-06-29 04:18 . 2009-06-29 04:18 40960 ----a-r- c:\users\Jen n Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2009-06-29 04:18 . 2009-06-29 04:22
    d
    w- c:\program files\Project64 1.6
    2009-06-28 18:41 . 2009-06-28 18:41
    d
    w- c:\program files\Microsoft Xbox 360 Accessories
    2009-06-28 18:23 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-06-28 02:39 . 2009-06-28 02:39 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-06-23 13:59 . 2009-02-10 09:34 43872
    w- c:\windows\system32\drivers\PxHelp20.sys
    2009-06-23 13:59 . 2009-02-10 09:34 9200
    w- c:\windows\system32\drivers\cdralw2k.sys
    2009-06-23 13:59 . 2009-02-10 09:34 9072
    w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-06-23 13:59 . 2009-06-23 13:59
    d
    w- c:\program files\Common Files\PX Storage Engine
    2009-06-22 16:29 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-06-22 16:29 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-06-22 16:29 . 2009-06-22 16:29
    d
    w- c:\program files\iPod
    2009-06-22 16:29 . 2009-06-22 16:29
    d
    w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-22 16:29 . 2009-06-22 16:29
    d
    w- c:\program files\iTunes
    2009-06-22 16:27 . 2009-06-22 16:27
    d
    w- c:\program files\Bonjour
    2009-06-22 16:26 . 2009-06-22 16:26
    d
    w- c:\program files\QuickTime
    2009-06-22 16:20 . 2009-06-22 16:20 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-20 21:54 . 2008-05-16 08:09
    d
    w- c:\program files\Common Files\Adobe
    2009-07-20 13:27 . 2008-12-25 05:09
    d
    w- c:\programdata\Google Updater
    2009-07-18 03:08 . 2008-11-28 17:22
    d
    w- c:\program files\Trend Micro
    2009-07-15 23:31 . 2008-10-03 23:19
    d
    w- c:\users\Jen n Justin\AppData\Roaming\LimeWire
    2009-07-15 22:53 . 2008-09-27 00:05 78888 ----a-w- c:\users\Jen n Justin\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-15 10:44 . 2006-11-02 11:18
    d
    w- c:\program files\Windows Mail
    2009-07-13 03:44 . 2008-10-10 03:44
    d
    w- c:\programdata\DVD Shrink
    2009-06-28 18:48 . 2009-06-28 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2009-06-22 16:37 . 2008-10-14 04:12
    d
    w- c:\programdata\Apple
    2009-06-22 16:29 . 2008-10-14 04:12
    d
    w- c:\program files\Common Files\Apple
    2009-06-17 04:31 . 2008-10-04 18:06 322 ----a-w- c:\users\Jen n Justin\AppData\Roaming\wklnhst.dat
    2009-06-12 20:47 . 2008-05-16 08:01
    d
    w- c:\program files\Microsoft Works
    2009-06-12 20:46 . 2008-05-16 08:12
    d
    w- c:\programdata\Microsoft Help
    2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-03 11:37 . 2009-06-03 11:37
    d
    w- c:\program files\MSXML 4.0
    2009-06-01 23:50 . 2008-05-16 07:58
    d--h--w- c:\program files\InstallShield Installation Information
    2009-06-01 23:48 . 2009-06-01 23:48 49152 ----a-r- c:\users\Jen n Justin\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2009-06-01 23:48 . 2009-06-01 23:44
    d
    w- c:\program files\Common Files\Nikon
    2009-06-01 23:47 . 2009-06-01 23:47 57344 ----a-r- c:\users\Jen n Justin\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2009-06-01 23:46 . 2009-06-01 23:44
    d
    w- c:\program files\Nikon
    2009-06-01 23:46 . 2009-06-01 23:46 20 ---h--w- c:\programdata\PKP_DLdw.DAT
    2009-06-01 23:46 . 2009-06-01 23:43
    d
    w- c:\programdata\Ultima_T15
    2009-06-01 23:46 . 2009-06-01 23:43
    d
    w- c:\programdata\EnterNHelp
    2009-06-01 23:44 . 2009-06-01 23:44
    d
    w- c:\program files\Common Files\muvee Technologies
    2009-06-01 23:44 . 2009-06-01 23:44
    d
    w- c:\programdata\Nikon
    2009-06-01 23:43 . 2009-06-01 23:43 20 ---h--w- c:\programdata\PKP_DLdu.DAT
    2009-06-01 23:43 . 2003-03-19 16:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
    2009-05-16 21:49 . 2009-05-16 21:49 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2009-04-30 12:37 . 2009-06-14 14:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-04-30 12:37 . 2009-06-14 14:34 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-04-24 16:05 . 2009-06-11 23:53 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:02 . 2009-06-11 23:53 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 13:44 . 2009-06-11 23:53 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-23 12:43 . 2009-06-11 23:53 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 23:53 636928 ----a-w- c:\windows\system32\localspl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Upromise"="c:\program files\Upromise\Upromise.exe" [2008-08-18 536576]
    "Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [2008-08-18 172032]
    "Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2008-08-25 167936]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

    c:\users\Jen n Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-5-16 2342912]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0AC07E3E-C499-4EB9-8DC3-AB4FE2A18EF4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{83BD11B7-D101-4046-AA8E-81CF7AEE2F35}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{009DE9D0-26FB-448E-BA5E-ADDE06C57FFD}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{807AD7F2-6ED6-421E-A7D4-7685635A51C4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "{64B3FDFD-2B6A-4663-A7F8-3DB6923AE86C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{ADD12477-6483-48D2-A0F9-7F42B79378EC}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{B0C7C25E-AEE1-4C9C-8B74-B07085C93561}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{E7082A10-4332-40C6-AE49-F60A8B803919}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{0BE79526-D9B8-42DE-AF81-A1EBCA0DD6F2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C821B51B-96A9-47B3-9B3A-1B9144EA8B9E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7027A3FE-1BBD-4308-B799-2D04B7144F67}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5ED44F0C-9192-437E-8059-052568C707E1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [12/24/2008 3:09 PM 145424]
    R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [7/15/2009 6:42 AM 36368]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [12/24/2008 3:09 PM 256528]
    S2 gupdate1c9664f2851502f;Google Update Service (gupdate1c9664f2851502f);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2008 1:10 AM 133104]
    S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [12/24/2008 3:09 PM 50192]
    S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [12/24/2008 3:18 PM 497008]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/24/2008 3:18 PM 677128]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 6:25 AM 2589184]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 03:40]

    2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-25 13:48]

    2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-25 13:48]

    2009-07-20 c:\windows\Tasks\User_Feed_Synchronization-{CA6E3A24-140F-462E-AE13-91A0C3A6488F}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aol.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T5274
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-20 19:22
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #c%^*]
    @Class=&quot;Shell"

    [HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* #c%^*\OpenWithList]
    @Class=&quot;Shell"

    [HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.* #c%^*]
    "0"=hex:77,00,40,00,ed,00,e7,00,7e,00,3e,00,5b,25,52,25,2e,00,20,23,63,25,5e,
    00,00,00,76,00,36,00,00,00,00,00,00,00,00,00,00,00,77,00,40,00,ed,00,e7,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-07-20 19:24
    ComboFix-quarantined-files.txt 2009-07-20 23:24

    Pre-Run: 176,322,334,720 bytes free
    Post-Run: 176,546,717,696 bytes free

    253 --- E O F --- 2009-07-17 11:33
  • KatanaKatana
    edited July 2009
    Information
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack (keygen is included).zip
    c:\Users\jen n justin\AppData\Local\Temp\temp1_photoshop cs4 crack + crack.zip
    Do you know anything about these files ?



    Step 1

    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D < here

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)

    Step 2

    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • LOP S&D Log
    • Kaspersky Log
    • How are things running now ?
  • KatanaKatana
    edited July 2009
    Since you haven't replied for three days, I suspect that you do know what the cracked files are.



    Cracks/Kegens/Warez etc.

    As you have admitted to, or the log(s) you've posted indicate that, you've used one or more of the above, we can not provide you with any help.

    We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

    In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
    The distribution and use of cracked software is illegal in almost every developed country.
    They are also one of the biggest causes of infection.

    This applies to Cracks, Keygens and Warez

    As most other forums have the same policy, your best option is to format and re-install your operating system and programs from legitimate sources.

    In the future I strongly suggest you stay away from using cracks and/or Keygens.

    This topic will be closed and archived.
Sign In or Register to comment.