fullhouse

  1. Mr. C, Everything seems to be running fine, I can connect and surf the internet using explorer, however firefox doesn't seem to have the files needed to run now. Do you think it would be okay to reinstall firefox?

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.10.09
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: YOUR-14B55A8A15 [administrator]

     8/10/2012 8:04:46 PM
     mbam-log-2012-08-10 (20-04-46).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 228500
     Time elapsed: 6 minute(s), 5 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Documents and Settings\Owner\Local Settings\temp\soap0_wsdl.exe (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

     (end)
  2. I'm not sure if ComboFix finished running. I had it up for almost 2 hours; the progress bar across the top never did go all the way across, it stopped halfway.
ComboFix 11-12-15.02 - Owner 12/15/2011 18:26:59.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.486 [GMT -5:00] Running from: c:\techtools\ComboFix.exe AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\Default User\WINDOWS c:\documents and settings\Owner\WINDOWS c:\documents and settings\Takeela\WINDOWS c:\windows\system32\config\systemprofile\WINDOWS D:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MYWEBSEARCHSERVICE . . ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 ))))))))))))))))))))))))))))))) . . 2011-12-15 22:46 . 2011-12-15 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks 2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-15 22:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-15 22:30 . 2011-12-15 22:31 -------- d-----w- C:\TechTools 2011-12-15 22:28 . 2011-12-15 22:28 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache 2011-12-15 22:24 . 2011-12-15 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-12-15 21:20 .
2011-12-15 21:21 -------- d-----w- c:\documents and settings\Administrator 2011-12-15 04:20 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-12-15 04:20 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-12-15 04:20 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-12-13 20:28 . 2011-12-13 20:28 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2011-12-13 15:00 . 2011-12-13 15:00 -------- d-sh--w- c:\documents and settings\Owner\IETldCache 2011-12-13 14:36 . 2011-12-13 14:38 -------- dc-h--w- c:\windows\ie8 2011-12-09 17:10 . 2011-12-13 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ETTB 2011-12-09 17:03 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2011-12-09 17:03 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2011-12-09 17:03 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2011-12-09 17:03 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2011-12-04 17:42 . 2011-12-15 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2011-12-04 17:42 . 2011-12-04 17:43 -------- d-----w- c:\program files\PCPitstop . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-15 23:13 . 2011-06-09 01:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:24 . 2011-11-04 11:24 1409 ----a-w- c:\windows\QTFont.for 2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 
2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-11-23 02:06 . 2011-10-13 11:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}] 2008-04-17 07:44 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}] 2008-04-29 23:50 650680 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1047.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168] "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED BigFix.lnk - c:\program files\BigFix\BigFix.exe [2007-4-26 2348584] run_startmenu.cmd [2004-10-11 45] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=c:\windows\pss\BigFix.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearSharePersonalization] 2008-04-29 23:50 1251768 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalization.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center] 2011-09-26 17:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder] 2011-10-26 16:42 325280 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PCPitstop Scheduling"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/13/2011 3:28 AM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/13/2011 3:28 AM 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 8:57 PM 819320] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/13/2011 3:28 AM 136312] R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/12/2008 10:51 PM 2560] R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/13/2011 3:28 AM 130008] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/9/2009 9:54 PM 123320] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/9/2009 9:54 PM 126392] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 6:27 AM 106104] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 9:15 PM 356280] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664] S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/4/2011 12:42 PM 91816] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54] . 2007-04-26 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] . 2007-04-26 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vs4ln1ej.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-15 18:41 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1" .
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(664) c:\windows\system32\sxs.dll .
- - - - - - - > 'explorer.exe'(3412) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Completion time: 2011-12-15 18:46:15 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-15 23:46 . Pre-Run: 120,053,075,968 bytes free Post-Run: 120,299,216,896 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - D354E92F157A8E60DA3D5CDDEEAAE1E7
  3. DDS LOG . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31 Run by Owner at 13:22:05 on 2012-08-10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1535 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DownloadHQ\downloadhq.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1047.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [downloadhq] "c:\program files\downloadhq\downloadhq.exe" -h uRun: [DownloadAccelerator] "j:\program files\dap\DAP.exe" /STARTUP uRun: [speedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui StartupFolder: c:\docume~1\owner\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll LSP: c:\program files\speedbit video accelerator\SBLSP.dll Trusted Zone: google.com\www DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182133496453 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vs4ln1ej.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-7 353688] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-7 21256] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-7 44808] R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-10-12 2560] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-5-26 131512] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-18 129976] S3 TridVid;USB2.0 VIDBOX NM;c:\windows\system32\drivers\TridVid.sys [2011-12-26 201216] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-08-08 01:42:31 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-08 01:41:59 41224 ----a-w- c:\windows\avastSS.scr
2012-08-08 01:41:25 -------- d-----w- c:\program files\AVAST Software
2012-08-08 01:41:25 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-08 00:58:13 -------- d-s---w- C:\ComboFix
2012-07-19 03:17:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-19 03:17:03 19384 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-07-19 03:17:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-07-19 03:17:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-07-19 03:17:01 125880 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
.
==================== Find3M ====================
.
2012-08-10 13:14:49 1529 --sha-w- c:\windows\system32\mmf.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 04:33:01 1409 ----a-w- c:\windows\QTFont.for
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 09:41:40 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-05-18 09:41:40 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-05-18 09:41:39 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 13:23:07.98 ===============

Attach LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2007 5:53:17 PM
System Uptime: 8/10/2012 7:58:31 AM (6 hours ago)
.
Motherboard: | |
Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 10.238 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.672 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 6/21/2012 11:11:54 PM - System Checkpoint
RP141: 6/23/2012 12:02:19 AM - System Checkpoint
RP142: 6/23/2012 3:00:20 AM - Software Distribution Service 3.0
RP143: 6/25/2012 12:31:58 AM - System Checkpoint
RP144: 6/28/2012 3:03:22 AM - System Checkpoint
RP145: 6/29/2012 8:10:06 AM - System Checkpoint
RP146: 7/1/2012 11:59:19 PM - System Checkpoint
RP147: 7/3/2012 7:53:39 AM - System Checkpoint
RP148: 7/8/2012 11:07:58 PM - System Checkpoint
RP149: 7/11/2012 3:00:29 AM - Software Distribution Service 3.0
RP150: 7/12/2012 3:28:04 AM - System Checkpoint
RP151: 7/13/2012 6:10:41 AM - System Checkpoint
RP152: 7/14/2012 7:45:15 PM - System Checkpoint
RP153: 7/18/2012 12:16:04 AM - System Checkpoint
RP154: 7/19/2012 12:47:53 AM - System Checkpoint
RP155: 7/20/2012 1:43:17 AM - System Checkpoint
RP156: 7/21/2012 2:43:20 AM - System Checkpoint
RP157: 7/22/2012 3:43:17 AM - System Checkpoint
RP158: 7/23/2012 4:27:49 AM - System Checkpoint
RP159: 7/24/2012 5:27:15 AM - System Checkpoint
RP160: 7/25/2012 5:27:49 AM - System Checkpoint
RP161: 7/26/2012 6:45:42 AM - System Checkpoint
RP162: 7/27/2012 7:27:49 AM - System Checkpoint
RP163: 7/28/2012 10:12:55 PM - System Checkpoint
RP164: 7/29/2012 10:53:09 PM - System Checkpoint
RP165: 7/30/2012 11:28:07 PM - System Checkpoint
RP166: 8/1/2012 7:27:19 AM - System Checkpoint
RP167: 8/2/2012 4:25:38 PM - System Checkpoint
RP168: 8/5/2012 11:37:28 PM - System Checkpoint
RP169: 8/7/2012 12:23:24 AM - System Checkpoint
RP170: 8/7/2012 8:36:33 PM - Removed MediaFire Toolbar.
RP171: 8/7/2012 9:41:25 PM - avast! Free Antivirus Setup
RP172: 8/7/2012 9:56:30 PM - Software Distribution Service 3.0
RP173: 8/9/2012 12:21:56 AM - System Checkpoint
RP174: 8/10/2012 12:48:03 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.1 Adobe Shockwave Player 11.5 AIO_Scan Any Video Converter 3.3.8 Apple Application Support Apple Mobile Device Support Apple Software Update avast!
Free Antivirus AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 BearShare Best Buy Digital Music Store BigFix bitRipper Bitser Beta Bonjour BufferChm Build-a-lot - On Vacation Build-a-lot - Town of the Year Command & Conquer Generals Compatibility Pack for the 2007 Office system Copy CustomerResearchQFolder Destination Component DeviceDiscovery DeviceManagementQFolder Digital Media Reader DJ_AIO_ProductContext DJ_AIO_Software DJ_AIO_Software_min Download Accelerator Plus (DAP) DownloadHQ DVD Flick 1.3.0.7 eSupportQFolder F2100 F2100_doccd F2100_Help Fast Break College Basketball 2010 Demo Free Video Joiner 1.1 GearDrvs getPlus®_ocx Google Chrome Google Update Helper honestech VHS to DVD 4.0 HD Hotel Mogul Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB954550-v5) HP Customer Participation Program 9.0 HP Deskjet All-In-One Software 9.0 HP Imaging Device Functions 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Smart Web Printing HP Solution Center 9.0 HP Update HPProductAssistant HPSSupply Imikimi Plugin Info Center 1.0.0.7 Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers iTunes Java 2 Runtime Environment, SE v1.4.2 Java Auto Updater Java 6 Update 31 JDownloader 0.9 Law & Order II: Double or Nothing Learn2 Player (Uninstall Only) Mall-A-Palooza Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch MediaFireDownloader Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 
Client Profile Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2005 Microsoft National Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) Nero BurnRights Nero OEM Norton PC Checkup PowerDVD PSSWCORE QuickTime RealPlayer Basic Realtek AC'97 Audio Rhapsody Rhapsody Player Engine Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows 
Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security 
Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923689) SendSpace Wizard Shop for HP Supplies Soft Data Fax Modem with SmartCP SolutionCenter SpeedBit Video Accelerator SpeedBit Video Downloader Spelling Dictionaries Support For Adobe Reader 9 Status System 
Requirements Lab System Requirements Lab CYRI TEW2005 TEW2007 TEW2008 Toolbox TrayApp UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) VideoToolkit01 Viewpoint Media Player WebFldrs XP WebReg Windows Backup Utility Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation XML Paper Specification Shared Components Pack 1.0 Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 9:52:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AMYSPRADLIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0636A51A-AB0C. The master browser is stopping or an election is being forced.
8/7/2012 8:57:33 PM, error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).
8/7/2012 8:13:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/7/2012 8:12:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/7/2012 8:11:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/7/2012 8:11:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/7/2012 8:00:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
8/7/2012 7:58:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2012 11:19:50 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
.
==== End Of File ===========================

RKreport

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 08/10/2012 13:30:11

¤¤¤ Bad processes: 3 ¤¤¤
[sUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]
[sUSP PATH] soap0_wsdl.exe -- C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> KILLED [TermProc]
[sUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[sUSP PATH] ctfmon.lnk @Owner : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 +++++
--- User ---
[MBR] d18c8c6e0630f96cb4dcb4fbb22da097
[bSP] 54f9e6ca60d01bfcbc4d84bacce4b7b4 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7727265 | Size: 148852 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3773 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  4. I can't access the internet. When I'm connected to the modem, I get the message that my computer is blocked and it covers the whole screen. All I can do at that point is turn off the PC. Can I possibly download RogueKiller to a flash drive from another computer and then install it to my desktop?
  5. I've got a Trojan.Ransom.Gen on my PC. I ran avast quick scan and boot scan and then Malwarebytes; all three removed a virus. Everything worked fine for about a day; we could surf the net as normal. Yesterday, after turning the PC back on, the virus was back. I get the "your computer is blocked unless you pay $200" message only when I'm connected to the internet; if I pull the connection from my modem, then everything works fine. However, now I run avast and it doesn't find anything. I use Malwarebytes and it detects the Trojan.Ransom.Gen and I removed it. However, it immediately returns. I can run a Malwarebytes quick scan and remove the trojan and then run it again and it will detect the same thing again. The file that it names is: C:\Document and Settings\Owners\Startmenu\Programs\Start up\ctfmon.lnk Any help on what I should or can do, before I go pay $95 for a tech specialist to remove it?