02-Sep-2012, 11:57 PM
#1 |
| Trojan.Agent, Stolen.Data, Malware.Trace

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 501 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 57223 MB, Free - 21471 MB;
Motherboard: FUJITSU, FJNB1B5
Antivirus: Symantec Endpoint Protection, Updated: No, On-Demand Scanner: Enabled

I run Malwarebytes and continually get the following:

Trojan.Agent File C:\Documents and Settings\1000ApplicationData\torrent.exe
Stolen.Data File C:\Documents and Settings\1000ApplicationData\key
Malware.Trace Registry Key HKCU\Software\VB and VBA Program Settings\SrvID

I clear them and they are back right away.

Here is the hijackthis.log information:

Here is the dds.txt information:

I've attached the Attach.txt file. I received the following error message so I attached the ark.txt file. I hope that is acceptable.

Thank you in advance for your help. It's really appreciated. |
|
13-Sep-2012, 08:29 PM
#2 |
| Is there any other information I need to supply? |