WiredWX Christian Hobby Weather Tools

Re: 100k searches issue

Hi,

Here is the ComboFix log:

ComboFix 11-08-18.02 - pscully 08/18/2011 16:12:29.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2616 [GMT -4:00]
Running from: c:\documents and settings\pscully\Desktop\Fixes\commy.exe
Command switches used :: c:\documents and settings\pscully\Desktop\Fixes\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\msiexec.exe --> c:\windows\system32\msiexec.exe
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 20:06 . 2011-08-18 20:06 -------- d-----w- c:\documents and settings\pscully\Application Data\smkits
2011-08-18 19:22 . 2011-08-18 19:22 -------- d-----w- c:\documents and settings\pscully\Local Settings\Application Data\BostonUniversity
2011-08-18 13:01 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-18 13:01 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-18 13:01 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-18 13:01 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-18 13:01 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-18 13:01 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-18 13:01 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-18 13:01 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-10 22:38 . 2011-08-10 22:38 -------- d-----w- c:\program files\VirusTotalUploader2
2011-08-08 13:40 . 2011-08-08 13:40 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-08 13:40 . 2011-08-08 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-08-08 13:34 . 2011-08-08 13:34 -------- d--h--w- c:\windows\PIF
2011-08-04 14:14 . 2011-08-04 14:14 -------- d-----w- c:\windows\system32\Wave Systems Corp
2011-08-04 13:25 . 2011-08-04 13:25 -------- d-----w- c:\documents and settings\pscully\Application Data\Malwarebytes
2011-08-04 13:25 . 2011-08-04 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 14:11 . 2011-08-03 14:32 -------- d-----w- c:\documents and settings\pscully\Application Data\InfraRecorder
2011-08-03 14:10 . 2011-08-03 14:10 -------- d-----w- c:\program files\InfraRecorder
2011-08-03 12:32 . 2011-08-03 12:32 -------- d-----w- C:\Downloads
2011-08-03 12:31 . 2011-08-15 18:01 -------- d-----w- c:\program files\FlashGet
2011-07-28 16:53 . 2011-07-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2011-07-28 16:53 . 2011-07-28 16:53 -------- d-----w- c:\program files\TechSmith
2011-07-28 16:53 . 2011-07-28 16:53 -------- d-----w- c:\documents and settings\pscully\Local Settings\Application Data\TechSmith
2011-07-28 16:51 . 2011-07-28 16:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-28 02:36 . 2011-07-28 02:36 -------- d-----w- c:\documents and settings\pscully\Local Settings\Application Data\PCHealth
2011-07-28 02:14 . 2011-07-28 02:22 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-28 01:17 . 2011-07-28 01:17 -------- d-----w- c:\program files\Common Files\L&H
2011-07-28 01:04 . 2011-07-28 01:04 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 19:58 . 2011-01-14 18:17 0 ----a-w- c:\documents and settings\pscully\Local Settings\Application Data\WavXMapDrive.bat
2011-08-15 00:08 . 2011-07-13 12:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-28 02:11 . 2011-02-24 16:52 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-02 14:07 . 2010-11-16 09:37 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-12 05:57 . 2011-08-18 13:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-03_13.14.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 19:54 . 2011-08-18 19:54 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2010-11-16 09:37 . 2011-08-18 20:00 582036 c:\windows\system32\perfh009.dat
- 2010-11-16 09:37 . 2011-08-03 13:17 582036 c:\windows\system32\perfh009.dat
+ 2010-11-16 09:37 . 2011-08-18 20:00 116426 c:\windows\system32\perfc009.dat
- 2010-11-16 09:37 . 2011-08-03 13:17 116426 c:\windows\system32\perfc009.dat
+ 2011-08-15 00:08 . 2011-08-15 00:08 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2011-01-14 21:46 . 2011-08-15 00:08 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-29 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-29 144920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-03-29 278528]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-09-15 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 158592]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"RightFAX Print-to-Fax Driver"="c:\program files\RightFax\Client\FaxCtrl.exe" [2007-03-22 98304]
"eCopy Scan Inbox Monitor"="c:\program files\eCopy\Desktop 9.0\Bin\InboxMonitor.exe" [2006-11-21 65536]
"eDP2eD"="c:\program files\eCopy\Desktop 9.0\Bin\eDP2eD.exe" [2006-11-21 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Asset Insight SUM"="c:\program files\Insight\Tools\AISOFTMN.EXE" [2002-04-23 8091]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2008-05-27 434176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2723623973-1505943458-2159161028-60746\Scripts\Logon\0\0]
"Script"=RAdminConfig.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RdcyHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\NmspHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Rockwell Software\\RSCommon\\rssql_xml.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_tmctrl.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_trnmgr.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_cfg_server.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_comp_storer.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_lnxcoll.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_rnacoll.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_rsvcoll.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_opccoll.exe"=
"c:\\Program Files\\Rockwell Software\\RSSql\\rssql_trx_csv.exe"=
"c:\\Program Files\\Schneider Electric\\ConneXium\\LANconfig\\lanconf.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:UDP"= 4899:UDP:RAdmin
"4899:TCP"= 4899:TCP:RAdmin
"135:TCP"= 135:TCP:Port 135 TCP
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"400:TCP"= 400:TCP:Port 400 TCP
"401:TCP"= 401:TCP:Port 401 TCP
"402:TCP"= 402:TCP:Port 402 TCP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\VirtualBackplane.sys [07/23/2008 4:07 PM 63544]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 6:42 PM 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 11:45 AM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 11:45 AM 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [12/10/2009 2:09 PM 376608]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [01/17/2011 2:47 PM 49152]
R2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [06/25/2008 2:14 PM 218408]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [06/25/2008 2:14 PM 218408]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [11/16/2010 5:31 AM 47616]
R2 rssql_cfg_server;FactoryTalk Transaction Manager Configuration Server;c:\program files\Rockwell Software\RSSql\rssql_cfg_server.exe [09/25/2007 8:46 PM 229444]
R2 rssql_comp_storer;FactoryTalk Transaction Manager Compression Server;c:\program files\Rockwell Software\RSSql\rssql_comp_storer.exe [09/25/2007 8:48 PM 114757]
R2 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [01/17/2011 2:48 PM 77824]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [11/16/2010 5:30 AM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/16/2010 5:30 AM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [11/16/2010 5:31 AM 33832]
R3 Duntlw;UNTLW device;c:\windows\system32\drivers\DuntlwNT.sys [01/17/2011 2:47 PM 53568]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [11/16/2010 5:30 AM 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/27/2011 4:00 AM 105592]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [06/25/2008 2:12 PM 222504]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [11/16/2010 5:31 AM 132352]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [11/16/2010 5:31 AM 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/2010 2:16 PM 130384]
S2 FTActivationBoost;FactoryTalk Activation Helper;"c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" --> c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [?]
S2 r_server;Remote Administrator Service;c:\program files\RAdmin\r_server.exe [07/24/2001 12:15 PM 241664]
S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [07/23/2008 4:19 PM 106496]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [01/20/2011 3:01 PM 20160]
S3 ClmbxPnP;Cyberlogic MBX Driver (PnP);c:\windows\system32\Drivers\ClmbxPnP.sys --> c:\windows\system32\Drivers\ClmbxPnP.sys [?]
S3 CLMbxUsb;Cyberlogic MBX Driver (USB);c:\windows\system32\drivers\CLMbxUsb.sys [01/21/2011 4:54 PM 94608]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [09/15/2009 3:59 PM 23888]
S3 eMBX;Cyberlogic Ethernet MBX Driver;c:\program files\Cyberlogic\Ethernet MBX Driver\EMbxRpcS.exe [02/05/2008 3:51 PM 222480]
S3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [07/08/2005 8:21 AM 1425408]
S3 gMBX;Cyberlogic MBX Gateway Server;c:\program files\Common Files\Cyberlogic Shared\gMbxRpcS.exe [10/04/2007 11:00 AM 182544]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/25/2010 1:07 PM 35088]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [07/05/2008 7:19 PM 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [07/05/2008 7:19 PM 155440]
S3 rssql_ddecoll;FactoryTalk Transaction Manager DDE Connector;c:\program files\Rockwell Software\RSSql\rssql_ddecoll.exe [09/25/2007 8:48 PM 118849]
S3 rssql_lnxcoll;FactoryTalk Transaction Manager RSlinx Connector;c:\program files\Rockwell Software\RSSql\rssql_lnxcoll.exe [09/25/2007 8:48 PM 315457]
S3 rssql_mts_storer;FactoryTalk Transaction Manager COM+ Enterprise Connector;c:\program files\Rockwell Software\RSSql\rssql_mts_storer.exe [09/25/2007 8:48 PM 65604]
S3 rssql_oci_storer;FactoryTalk Transaction Manager OCI Enterprise Connector ;c:\program files\Rockwell Software\RSSql\rssql_oci_storer.exe [09/25/2007 8:47 PM 73796]
S3 rssql_oledb_storer;FactoryTalk Transaction Manager OLE-DB Enterprise Connector ;c:\program files\Rockwell Software\RSSql\rssql_oledb_storer.exe [09/25/2007 8:47 PM 65606]
S3 rssql_opccoll;FactoryTalk Transaction Manager OPC Connector;c:\program files\Rockwell Software\RSSql\rssql_opccoll.exe [09/25/2007 8:48 PM 315457]
S3 rssql_rnacoll;FactoryTalk Transaction Manager FactoryTalk Connector;c:\program files\Rockwell Software\RSSql\rssql_rnacoll.exe [09/25/2007 8:49 PM 315457]
S3 rssql_rsvcoll;FactoryTalk Transaction Manager RSView Connector;c:\program files\Rockwell Software\RSSql\rssql_rsvcoll.exe [09/25/2007 8:48 PM 307265]
S3 rssql_storer;FactoryTalk Transaction Manager ODBC Enterprise Connector;c:\program files\Rockwell Software\RSSql\rssql_storer.exe [09/25/2007 8:47 PM 69696]
S3 rssql_tb;FactoryTalk Transaction Manager Transaction Manager Service;c:\program files\Rockwell Software\RSSql\rssql_trnmgr.exe [09/25/2007 8:47 PM 155712]
S3 rssql_tmctrl;FactoryTalk Transaction Manager Transaction and Control Manager ;c:\program files\Rockwell Software\RSSql\rssql_tmctrl.exe [09/25/2007 8:47 PM 176192]
S3 SimModuleService;1789-SIM Simulator Module;c:\program files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [07/23/2008 4:09 PM 98304]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/16/2010 5:37 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/2010 2:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [07/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [03/30/2009 4:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [03/30/2009 4:23 AM 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://swebi.schneider-electric.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 139.158.8.4 10.171.189.88 139.160.64.155 157.198.12.10
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\pscully\Application Data\Mozilla\Firefox\Profiles\1bb1k3xt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe???????????Nj?w??????@???D????????|P?E????|???????????????|????P?E?????????8???????????????????>?@?????T???@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4540)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-08-18 16:25:07
ComboFix-quarantined-files.txt 2011-08-18 20:25
ComboFix2.txt 2011-08-03 13:20
.
Pre-Run: 40,798,785,536 bytes free
Post-Run: 40,909,385,728 bytes free
.
- - End Of File - - AE5547FEF9477E2FF366DB2E68D0E251


Thanks,

Re: 100k searches issue

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: 100k searches issue

Hi,

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7507

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/19/2011 9:16:03 AM
mbam-log-2011-08-19 (09-16-03).txt

Scan type: Quick scan
Objects scanned: 211163
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks,

Re: 100k searches issue

What other signs of infection are there?

Re: 100k searches issue

Hi,

My Windows installer is working now. The only thing that is out of the ordinary is my 'Symantec Endpoint Protection File System Auto-Protect is malfunctioning'.

I ran Malwarebytes again after a reboot and got those same two hits:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Is this an issue?

Thanks,

Re: 100k searches issue

Not much of an issue...

Do you want to try to reinstall your Symantec product?

Re: 100k searches issue

Hi,

I will try the reinstall.

Thank you guys so much. I'll let you know how it goes.

Re: 100k searches issue

OKAY
