Showing results for tags 'Trojan.MulDrop1'.


Found 1 result

  1. May the Elders of the Internet shine down upon you for your wonderful service! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Sue Bufkin at 12:48:47 on 2012-09-30 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2339 [GMT -7:00] . AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\svchost.exe -k LocalService c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\SFT\GuardedID\gidd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\ALCFDRTM.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3014000 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Constant Guard Protection Suite: {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.12.829.1\NativeBHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRunOnce: [Malwarebytes Anti-Malware] c:\program 
files\malwarebytes' anti-malware\mbamgui.exe /install /silent IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: adp.com DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313294508265 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5C36588F-7B1E-438C-8B8D-F82762DBC115} : DhcpNameServer = 192.168.0.1 Notify: GIDLogonXP - GIDLogonXP.dll mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-17 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-17 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120919.001\BHDrvx86.sys [2012-9-22 995488] R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-11-25 25232] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-17 136312] R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176] R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-8-30 62064] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-17 130008] R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-8-13 1756384] R3 
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120928.001\IDSXpx86.sys [2012-9-29 373728] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-8-13 57440] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-30 40776] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120929.018\NAVENG.SYS [2012-9-29 92704] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120929.018\NAVEX15.SYS [2012-9-29 1601184] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2004-1-12 1252474] RUnknown DwProt;DwProt; [x] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250288] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\tp-link wireless configuration utility\wps\jswpsapi.exe [2011-8-13 360529] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 114144] S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2012-1-14 24880] . =============== Created Last 30 ================ . 
2012-09-30 19:27:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-30 18:58:02 -------- d-----w- c:\documents and settings\sue bufkin\DoctorWeb 2012-09-30 18:47:01 -------- d-----w- c:\documents and settings\sue bufkin\application data\Malwarebytes 2012-09-30 18:43:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-09-30 18:43:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-30 18:43:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-30 18:24:32 -------- d-----w- c:\documents and settings\sue bufkin\application data\Tific 2012-09-30 16:31:26 -------- d-----w- c:\documents and settings\sue bufkin\application data\Auslogics 2012-09-30 16:30:28 -------- d-----w- c:\program files\Auslogics 2012-09-30 06:17:13 -------- d-----w- c:\documents and settings\sue bufkin\local settings\application data\Identities 2012-09-28 04:03:17 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-09-17 03:49:24 -------- d-----w- c:\program files\GUM12.tmp 2012-09-11 04:44:16 -------- d-----w- c:\documents and settings\sue bufkin\local settings\application data\White_Sky,_Inc . ==================== Find3M ==================== . 2012-09-22 17:16:42 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-22 17:16:42 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2000-06-08 14:12:30 463872 ----a-w- c:\program files\Convert.exe . =================== ROOTKIT ==================== . 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A687AB8] 3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000075[0x8A61EF18] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A61CD98] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! . ============= FINISH: 12:49:08.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/12/2011 10:50:29 PM System Uptime: 9/30/2012 11:08:12 AM (1 hours ago) . Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R) Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2520/280mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 443.307 GiB free. D: is CDROM () E: is FIXED (NTFS) - 1397 GiB total, 1338.626 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0 Manufacturer: Realtek Semiconductor Corp. 
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0 Service: RTL8023xp . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2 PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0 Service: RTL8023xp . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Device ID: ACPI\ABT2005\3&2411E6FE&0 Manufacturer: Name: PNP Device ID: ACPI\ABT2005\3&2411E6FE&0 Service: . ==== System Restore Points =================== . RP116: 7/4/2012 10:03:56 AM - System Checkpoint RP117: 7/5/2012 9:19:24 PM - System Checkpoint RP118: 7/7/2012 8:43:08 AM - System Checkpoint RP119: 7/8/2012 12:25:15 PM - System Checkpoint RP120: 7/11/2012 10:31:00 PM - Software Distribution Service 3.0 RP121: 7/14/2012 10:39:46 AM - System Checkpoint RP122: 7/15/2012 10:50:03 AM - System Checkpoint RP123: 7/17/2012 9:06:32 PM - System Checkpoint RP124: 7/20/2012 8:55:40 PM - System Checkpoint RP125: 8/5/2012 9:49:27 PM - System Checkpoint RP126: 8/7/2012 1:35:00 PM - System Checkpoint RP127: 8/8/2012 7:00:25 PM - System Checkpoint RP128: 8/11/2012 9:34:31 AM - System Checkpoint RP129: 8/17/2012 7:03:18 AM - Software Distribution Service 3.0 RP130: 8/20/2012 9:51:23 PM - System Checkpoint RP131: 8/25/2012 8:51:53 AM - System Checkpoint RP132: 8/26/2012 10:46:58 AM - System Checkpoint RP133: 9/11/2012 7:43:32 PM - System Checkpoint RP134: 9/11/2012 10:46:27 PM - Software Distribution Service 3.0 RP135: 9/14/2012 7:36:27 PM - System Checkpoint RP136: 9/15/2012 8:18:26 PM - System Checkpoint RP137: 9/16/2012 9:15:12 PM - System Checkpoint RP138: 9/17/2012 9:32:05 PM - System Checkpoint RP139: 9/22/2012 10:15:36 AM - System Checkpoint RP140: 9/22/2012 5:13:40 PM - Software 
Distribution Service 3.0 RP141: 9/29/2012 10:20:04 AM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Apple Application Support Apple Software Update Auslogics Registry Cleaner Bicycle Casino Compatibility Pack for the 2007 Office system Constant Guard Protection Suite CreataCard Plus 2 Creative WebCam NX Ultra Driver (1.01.03.0112) Google Earth Google Update Helper GuardedID High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) JMB36X Raid Configurer LightScribe 1.4.136.1 Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.65.0.1400 Mavis Beacon Teaches Typing 16 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft Silverlight Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 6.0 Parser (KB925673) Nero 7 Essentials Norton Security Suite NVIDIA Drivers QuickTime REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Remote Control USB Driver RemoteComms External Disk Access Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 
(KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for 
Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP 
(KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security 
Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Segoe UI TL-WN822N Driver TP-LINK Wireless Configuration Utility Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VLC media player 1.1.11 WebFldrs XP Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format Runtime Windows Presentation Foundation Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 9/30/2012 8:59:32 AM, error: AR9271 [5001] - TP-LINK Wireless N Adapter : Could not allocate the resources necessary for operation. . ==== End Of File =========================== Here are the results. 
Norton Anti Virus stopped RogueKiller from running the first time, had to disable it and download another copy, second time ran fine. At this point the exe files still do not run properly, I can only run programs from Task Manager --> File --> Run. Most do not run at all, Firefox still runs this way, and Notepad.

Thanks Again
a.6

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. N o r t o n ECHO is off. S e c u r i t y ECHO is off. S u i t e ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Auslogics Registry Cleaner
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v2.003 - Logfile created 09/30/2012 at 19:16:47
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sue Bufkin - SUECOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sue Bufkin\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\Sue Bufkin\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Sue Bufkin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\PriceGong Key Deleted : HKCU\Software\SmartBar Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3014000 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3014000 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Documents and Settings\Sue Bufkin\Application Data\Mozilla\Firefox\Profiles\y3xd4di1.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1793 octets] - [30/09/2012 19:16:06] AdwCleaner[R2].txt - [1853 octets] - [30/09/2012 19:16:20] AdwCleaner[s1].txt - [1971 octets] - [30/09/2012 19:16:47] ########## EOF - C:\AdwCleaner[s1].txt - [2031 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Sue Bufkin [Admin rights] Mode : Remove -- Date : 09/30/2012 21:17:20 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] ALCFDRTM.EXE -- C:\WINDOWS\ALCFDRTM.EXE -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED 
(1) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A2D46F0) SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A1FDB80) SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89CA16D0) SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A3A52D0) SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A0F56F0) SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x8A072398) SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x8A037B88) SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89DB3820) SSDT[57] : NtDebugActiveProcess @ 0x80643A1C -> HOOKED (Unknown @ 0x8A3AA598) SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A37F978) SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A078DB8) SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A268980) SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A3216F8) SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A072CA8) SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A0E7760) SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x8A2566C8) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A36B948) SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A3B0C08) SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A1EE370) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A2616D0) SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A3A7968) SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A214C70) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A2E4ED0) SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A034EB0) SSDT[240] : 
NtSetSystemInformation @ 0x8060FC04 -> HOOKED (Unknown @ 0x8A368A00) SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A1ECC50) SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A6F32B8) SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A291DB8) SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A3D3120) SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A2DE350) SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A1CCF38) S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8A2EB1F8) S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8A266D88) S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x8A246970) S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x8A2A9998) S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8A24F408) S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x894280A8) S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x8A03A248) S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x89D13788) S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8A2D9C70) S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x8A2EE3D8) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 +++++ --- User --- [MBR] 58a67bea6c8bbe5c706b92561839ea7c [bSP] 99ea167fd119c3be5ff9003914e7ea92 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt