Everything posted by dmend

  1. I ran the programs. Below are the reports. When the computer rebooted, the PC Live program attempted to download again.

     Thank you.
  2. Hello,

     LivePC Support Manager Update Manager is trying to download to my PC. I cancel it and it stops, but retries with each boot-up. I can provide a screen shot of that if you like.

     Thank you,
     dmend

     Below are the dds.text and attach.text log files for your review.
  3. Hello everyone, This is my first post on your forum. On my desktop PC I picked up that PC Live infection. However, I don't think it has been able to become active on the PC. Every time I boot up, PC Live comes on screen and starts to download its program. I've always been able to cancel it and it stops downloading. I have no other PC Live symptoms on the PC. I've searched for the various files that online sites say are created by PC Live and can't find any (that could be my ineptness, though). I've used Malwarebytes (free) and other programs but can't pick up the file that starts the downloads. Is my only option to let PC Live download and become active on the PC, then start removal procedures? Thank you for your comments. Dmend