Posts posted by frogpants
-
I deleted AdwCleaner and went to download it again but is something up with the Terms of Service? It says it's the English version but the I Accept and I Refuse buttons are in French. ?? They weren't like that when I downloaded it the first time.
-
Thanks for the info about Chrome. I downloaded and ran AdAware. It came up with no infected files or whatever and didn't create a log. I searched for AdwCleaner[R0].txt and the other one but nothing. Should I run it again? I probably clicked on the wrong thing. I've been at this all day and I'm tired. You guys are freakin life savers. I'm gonna get off here for awhile and maybe even feed my family then I'll be back

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.15.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]
3/15/2014 4:10:47 PM
MBAM-log-2014-03-15 (16-18-07)post.txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403619
Time elapsed: 5 minute(s), 50 second(s)
Memory Processes Detected: 1
C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> 3880 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> No action taken.
(end)
-
Ok, will do.
Here's Combofix's log. I discovered with this one that saving to and running from the desktop is different than sending a shortcut to the desktop. I use Chrome and I don't know how to do it so I used IE for this one. I hope I didn't mess the other scans up. If this even makes sense.
-
Ugh, I hope I'm not repeating this. I didn't get this window to attach and had to go out and come back in. Ok here are the logs....
-
Hi, I guess you posted this last night but I didn't get an email. I did the first time. Did I accidentally unclick something in here??
-
Hopefully I did all that right. Also, I don't know if it matters but that one file I found, pccmservice.exe, I had stopped it in Services. Anyway thanks again
-
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
Feedback : http://forum.adlice.com
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : THE Administrator [Admin rights]
Mode : Scan -- Date : 03/14/2014 19:00:40
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320613AS +++++
--- User ---
[MBR] 05edda639f6e72a3e039701199aff3f5
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 295204 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_03142014_190040.txt >>
-
Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetAssistantQuickTimeREALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760411) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760415) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760585) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760591) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2817641) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827326) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2837615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2850022) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2837617) 32-Bit 
EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2846071)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB2862772)Security Update for Windows Internet Explorer 8 (KB2870699)Security Update for Windows Internet Explorer 8 (KB2879017)Security Update for Windows Internet Explorer 8 (KB2888505)Security Update for Windows Internet Explorer 8 (KB2898785)Security Update for Windows Internet Explorer 8 (KB2909210)Security Update for Windows Internet Explorer 8 (KB2909921)Security Update for Windows Internet Explorer 8 (KB2925418)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player 
(KB2378111)Security Update for Windows Media Player (KB2834902-v2)Security Update for Windows Media Player (KB2834902)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360131)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2416400)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP 
(KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security 
Update for Windows XP (KB2723135)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2847311)Security Update for Windows XP (KB2849470)Security Update for Windows XP (KB2850851)Security Update for Windows XP (KB2850869)Security Update for Windows XP (KB2859537)Security Update for Windows XP (KB2862152)Security Update for Windows XP (KB2862330)Security Update for Windows XP (KB2862335)Security Update for Windows XP (KB2864063)Security Update for Windows XP (KB2868626)Security Update for Windows XP (KB2876217)Security Update for Windows XP (KB2876315)Security Update for Windows XP (KB2876331)Security Update for Windows XP (KB2883150)Security Update for Windows XP (KB2892075)Security Update for Windows XP (KB2893294)Security Update for Windows XP (KB2893984)Security Update for Windows XP (KB2898715)Security Update for Windows XP (KB2900986)Security Update for Windows XP (KB2914368)Security Update for Windows XP (KB2916036)Security Update for Windows XP (KB2929961)Security Update for Windows XP (KB2930275)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP 
(KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update 
for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)SUPERAntiSpywareUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Windows Internet Explorer 8 (KB2447568)Update for Windows Internet Explorer 8 (KB976662)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB2863058)Update for Windows XP (KB2904266)Update for Windows XP (KB898461)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VLC media player 0.9.2WebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Internet Explorer 8Windows Media Format RuntimeYahoo! Install ManagerYahoo! Software UpdateYahoo! 
Toolbar.==== Event Viewer Messages From Past Week ========.3/14/2014 3:18:22 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).3/13/2014 10:56:56 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.3/12/2014 12:15:54 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 11:56:35 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 11:10:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 10:52:45 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 3 time(s).3/12/2014 10:52:30 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 10:45:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 10:42:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 10:39:52 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/12/2014 10:39:30 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).3/11/2014 2:24:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/10/2014 2:40:27 PM, error: Service Control Manager [7034] - The pcCMService service terminated unexpectedly. It has done this 1 time(s).3/10/2014 1:27:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.3/10/2014 1:04:14 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by THE Administrator at 18:37:31 on 2014-03-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2070 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uSearch Bar = www.bing.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - c:\program files\ibm\lotus forms\viewer\4.0\PEhelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
StartupFolder: c:\docume~1\theadm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\the administrator\application data\mozilla\firefox\profiles\3g0cs3i8.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\epicplay\npEpicHost.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-27 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-8 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-27 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-31 50344]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-22 104880]
S0 cerc6;cerc6; [x]
S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-4-27 369152]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
.
=============== Created Last 30 ================
.
2014-03-12 17:44:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-12 17:44:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-04 01:30:31 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJEGV
.
==================== Find3M ====================
.
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ------w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 17:04:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-02-02 17:03:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-02 17:03:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-02 17:03:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-02 17:03:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-04 03:13:05 420864 ------w- c:\windows\system32\vbscript.dll
2013-12-18 17:31:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-18 17:31:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:38:06.39 ===============
-
Hi, thanks so much for the response! Hopefully this is what you meant...
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]

3/14/2014 3:36:57 PM
mbam-log-2014-03-14 (15-36-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407071
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
I could barely access this forum for a few minutes and now I'm fine again. I had an issue with PayPal and they said my account had been accessed all over the world and to change my password using my iPhone. I'm on my desktop and it's the only PC I used to access my PayPal.
I've run Malwarebytes a few times now, it removed around 20 pups. I guess that's what you call them. Anyway now it says I'm clean but I'm still intermittently super sluggish... like it slows down so much it's unusable.
I looked thru my task manager and the only thing I could come up with is pccmservice.exe. I guess it's a bug and hitched a ride on motive??
Our internet sucks and I was half joking that maybe somebody was jacking it so I tried to change the password but I can't. I type in the address and get nothing. Chrome and IE.
We went to buy new AV software yesterday but which of them even works well?? We've got avast on here but I'm not sure it's doing much.
I downloaded and ran the dds.scr but wasn't sure if I was supposed to post it here. I tried clicking on other threads to see if others are but they wouldn't load. They might now... *this* page finally loaded.
Anyway I've got work I need to get done online and this has taken out two days so far. I'm so thankful that I found you guys. I have no idea what's safe to download online anymore and AV software feels like a crapshoot.
Super sluggish, can't access router
in Resolved Malware Removal Logs
I'm not sure about some of these files. I just looked back over what you said to do and I forgot to reboot into safe mode. It seemed to run just fine this time. Should I redo it in safe mode? Also, I don't remember deleting that file from MB but it's not showing up now? Unless that's one of the ones that showed up in the AdwCleaner log.