mmogan Posted January 22, 2012 ID:519229 Share Posted January 22, 2012 I had the same problem as another forum member, so I've copied an pasted his post:Recently, I got infected with a rogue virus. The virus was the one that installs a program called, "Windows XP Anti-virus 2012" << It was something along those lines. Well after a couple of hours, I got rid of the rogue virus. But then after I restarted my computer, on the bottom right of my screen (taskbar), my computer keeps showing a notification saying that Malwarebytes has successfully blocked access to a malicious website. It says that the type is outgoing, and it always shows ip addresses. Here are the ip addresses.83.133.119.15583.133.120.18683.133.124.19583.133.124.24583.133.121.14783.133.124.19683.133.120.187It constantly shows these notifications. It has already been a couple of days.-end of other user's post-So, I read some other instructions, ran that DSS and saved the reports to my desktop. Will someone review these reports to help me fix the problem?Mike Link to post Share on other sites More sharing options...
Larusso Posted January 22, 2012 ID:519236 Share Posted January 22, 2012 my name is Daniel and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please copy/paste the DDS.txt and attach.txt in your next replyNormally, MBAM shows also the filename which tries to connect to the malicious website. If possible, please let me know. Link to post Share on other sites More sharing options...
mmogan Posted January 24, 2012 Author ID:519963 Share Posted January 24, 2012 Thanks for your help! Here is the DDS.txt:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Michael at 20:31:31 on 2012-01-21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.457 [GMT -5:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Mozilla Firefox\firefox.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.comuDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023uWindow Title = Windows Internet Explorer provided by ComcastmWindow Title = Windows Internet Explorer provided by ComcastmSearch Bar = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=w7HqBpCwd0ynN5caqkI2ee56NNguInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dlluURLSearchHooks: H - No FileBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dllBHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No FileBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dllBHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllTB: {9D425283-D487-4337-BAB6-AB8354A81457} - No FileTB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dlluRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startupuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startupmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d700f\wireless utility\Belkinwcui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeIE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllLSP: mswsock.dllDPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cabDPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{87F751F6-F027-45F7-8947-8656D586F50B} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{D74FFFF7-6217-4AAC-92D1-44095A22BCA9} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{EA4D8EAB-4480-4F9C-83C7-A0BB5DB5B036} : DhcpNameServer = 192.168.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLAppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\9w90tvvl.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll.============= SERVICES / DRIVERS ===============.R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 67656]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-9 652872]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2011-8-12 1034240]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-9 20464]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [2007-1-15 303616]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-23 29744]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872].=============== Created Last 30 ================.2012-01-20 00:42:09 -------- d-----w- c:\windows\system32\wbem\repository\FS2012-01-20 00:42:09 -------- d-----w- c:\windows\system32\wbem\Repository.==================== Find3M ====================.2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe.============= FINISH: 20:33:09.84 =============== Link to post Share on other sites More sharing options...
mmogan Posted January 24, 2012 Author ID:519964 Share Posted January 24, 2012 Here is the attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 10/26/2006 1:40:49 AMSystem Uptime: 1/21/2012 8:15:40 PM (0 hours ago).Motherboard: Dell Inc. | | 0WG864Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 144 GiB total, 34.075 GiB free.D: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Intel® 82562V 10/100 Network ConnectionDevice ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8Manufacturer: IntelName: Intel® 82562V 10/100 Network ConnectionPNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8Service: e1express.==== System Restore Points ===================.RP1607: 10/24/2011 1:01:07 PM - System CheckpointRP1608: 10/25/2011 1:29:38 PM - System CheckpointRP1609: 10/26/2011 2:29:37 PM - System CheckpointRP1610: 10/27/2011 3:29:38 PM - System CheckpointRP1611: 10/28/2011 4:29:37 PM - System CheckpointRP1612: 10/29/2011 5:15:46 PM - System CheckpointRP1613: 10/30/2011 5:16:52 PM - System CheckpointRP1614: 10/31/2011 6:15:49 PM - System CheckpointRP1615: 11/1/2011 7:15:51 PM - System CheckpointRP1616: 11/2/2011 8:15:53 PM - System CheckpointRP1617: 11/3/2011 9:43:03 PM - System CheckpointRP1618: 11/4/2011 10:15:57 PM - System CheckpointRP1619: 11/5/2011 10:15:57 PM - System CheckpointRP1620: 11/6/2011 11:16:01 PM - System CheckpointRP1621: 11/7/2011 11:17:06 PM - System CheckpointRP1622: 11/9/2011 12:16:03 AM - System CheckpointRP1623: 11/10/2011 1:16:04 AM - System CheckpointRP1624: 11/10/2011 3:00:15 AM - Software Distribution Service 3.0RP1625: 11/11/2011 3:00:14 AM - Software Distribution Service 3.0RP1626: 11/12/2011 3:21:25 AM - System CheckpointRP1627: 11/13/2011 4:21:27 AM - System CheckpointRP1628: 11/15/2011 7:54:31 AM - System CheckpointRP1629: 11/16/2011 8:23:19 AM - System CheckpointRP1630: 11/17/2011 9:23:21 AM - System CheckpointRP1631: 11/18/2011 10:23:23 AM - System CheckpointRP1632: 11/19/2011 11:23:25 AM - System CheckpointRP1633: 11/20/2011 11:24:32 AM - System CheckpointRP1634: 11/21/2011 1:04:17 PM - System CheckpointRP1635: 11/22/2011 1:23:29 PM - System CheckpointRP1636: 11/23/2011 2:47:36 PM - System CheckpointRP1637: 11/24/2011 3:45:11 PM - System CheckpointRP1638: 11/25/2011 4:23:35 PM - System CheckpointRP1639: 11/26/2011 5:55:43 PM - System CheckpointRP1640: 11/27/2011 6:23:41 PM - System CheckpointRP1641: 11/28/2011 7:26:09 PM - System CheckpointRP1642: 11/29/2011 8:23:41 PM - System CheckpointRP1643: 11/30/2011 9:53:57 PM - System CheckpointRP1644: 12/1/2011 10:23:44 PM - System CheckpointRP1645: 12/2/2011 11:23:46 PM - System CheckpointRP1646: 12/4/2011 12:23:48 AM - System CheckpointRP1647: 12/5/2011 1:23:49 AM - System CheckpointRP1648: 12/6/2011 2:23:51 AM - System CheckpointRP1649: 12/7/2011 3:23:52 AM - System CheckpointRP1650: 12/8/2011 4:23:53 AM - System CheckpointRP1651: 12/9/2011 5:23:56 AM - System CheckpointRP1652: 12/10/2011 6:23:57 AM - System CheckpointRP1653: 12/11/2011 7:23:59 AM - System CheckpointRP1654: 12/12/2011 8:24:00 AM - System CheckpointRP1655: 12/13/2011 9:24:02 AM - System CheckpointRP1656: 12/14/2011 10:24:04 AM - System CheckpointRP1657: 12/15/2011 11:24:05 AM - System CheckpointRP1658: 12/16/2011 3:00:15 AM - Software Distribution Service 3.0RP1659: 12/17/2011 3:29:21 AM - System CheckpointRP1660: 12/18/2011 4:29:23 AM - System CheckpointRP1661: 12/19/2011 5:29:25 AM - System CheckpointRP1662: 12/20/2011 6:29:26 AM - System CheckpointRP1663: 12/21/2011 7:29:28 AM - System CheckpointRP1664: 12/22/2011 8:29:30 AM - System CheckpointRP1665: 12/23/2011 9:29:31 AM - System CheckpointRP1666: 12/24/2011 10:29:35 AM - System CheckpointRP1667: 12/25/2011 11:29:35 AM - System CheckpointRP1668: 12/26/2011 12:29:38 PM - System CheckpointRP1669: 12/27/2011 1:29:40 PM - System CheckpointRP1670: 12/28/2011 2:29:40 PM - System CheckpointRP1671: 12/29/2011 3:29:42 PM - System CheckpointRP1672: 12/30/2011 4:29:45 PM - System CheckpointRP1673: 12/31/2011 5:30:49 PM - System CheckpointRP1674: 1/1/2012 6:29:47 PM - System CheckpointRP1675: 1/2/2012 7:29:49 PM - System CheckpointRP1676: 1/3/2012 7:50:40 PM - System CheckpointRP1677: 1/4/2012 8:29:52 PM - System CheckpointRP1678: 1/5/2012 9:29:53 PM - System CheckpointRP1679: 1/6/2012 10:29:57 PM - System CheckpointRP1680: 1/7/2012 11:29:58 PM - System CheckpointRP1681: 1/9/2012 12:29:57 AM - System CheckpointRP1682: 1/10/2012 1:30:00 AM - System CheckpointRP1683: 1/11/2012 2:30:01 AM - System CheckpointRP1684: 1/12/2012 3:00:14 AM - Software Distribution Service 3.0RP1685: 1/13/2012 3:26:22 AM - System CheckpointRP1686: 1/14/2012 4:26:24 AM - System CheckpointRP1687: 1/15/2012 4:28:37 AM - System CheckpointRP1688: 1/16/2012 5:28:39 AM - System CheckpointRP1689: 1/16/2012 10:16:57 PM - Restore OperationRP1690: 1/17/2012 11:59:31 PM - System CheckpointRP1691: 1/19/2012 7:40:03 PM - Restore OperationRP1692: 1/20/2012 3:00:20 AM - Software Distribution Service 3.0RP1693: 1/21/2012 1:29:24 PM - System Checkpoint.==== Installed Programs ======================.Adobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Photoshop v4.0Adobe Reader 7.1.0Adobe SVG Viewer 3.0AiO_Scan_CDAAiOSoftwareNPIAkram Audio Converter 3.1America Online (Choose which version to remove)Anapod CopyGear (remove only)Anapod Explorer (remove only)AOL Coach Version 1.0(Build:20040229.1 en)AOL Connectivity ServicesAOLIconApple Application SupportApple Mobile Device SupportApple Software UpdateAVS Update Manager 1.0AVS Video Converter 7AVS4YOU Software Navigator 1.4Belkin Wireless G Desktop Card Driver and UtilityBonjourBufferChmBUMC3100c3100_HelpComcast High-Speed Internet Install WizardCompatibility Pack for the 2007 Office systemConexant D850 56K V.9x DFVc ModemCritical Update for Windows Media Player 11 (KB959772)Dell CinePlayerDell Driver Reset ToolDell Resource CDDell Support 3.2Dell System RestoreDesignPro 5.0 Media EditionDesktop DoctorDestinationsDeviceManagementQFolderDigital Content PortalDigital Line DetectDocProcDocProcQFolderDocumentation & Support LauncherEarthLink Setup FilesEducateUESPNMotioneSupportQFolderFax_CDAGames, Music, & Photos LauncherGemMaster MysticGet High Speed Internet!Google ChromeGoogle DesktopGoogle Toolbar for Internet ExplorerGoogle Update HelperHigh Definition Audio Driver Package - KB835221HijackThis 2.0.2Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Imaging Device Functions 7.0HP Photosmart and Deskjet 7.0.AHP Photosmart EssentialHP Product AssistantHP Solution Center 7.0HP UpdateHPPhotoSmartExpressHPProductAssistantHPSSupplyInstantShareDevicesMFCIntel® Matrix Storage ManagerIntel® PRO Network ConnectionsInternet Service Offers LauncheriTunesJ2SE Runtime Environment 5.0 Update 6KODAK EASYSHARE Gallery Easy Upload, v2.1KODAK EASYSHARE Gallery Upload ActiveX ControlLearn2 Player (Uninstall Only)LimeWire 4.16.6Malwarebytes Anti-Malware version 1.60.0.1800McAfee Security Scan PlusMCUMicrosoft .NET Framework 1.0 Hotfix (KB2572066)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Office Professional Edition 2003Microsoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft WorksMobileMe Control PanelModem HelperMozilla Firefox 9.0.1 (x86 en-US)MSXML 4.0MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetWaitingNewCopy_CDANVIDIA DriversOCR Software by I.R.I.S 7.0OttoPanoStandAloneProductContextNPIQuickTimeReadmeRealPlayer BasicRoxio DLARoxio MyDVD LERoxio RecordNow AudioRoxio RecordNow CopyRoxio RecordNow DataSafariScanScannerCopySearchAssistSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Shop for HP SuppliesSkype™ 3.2SolutionCenterSonic Activation ModuleSonic EncodersSonic Update ManagerStatusSUPERAntiSpyware Free EditionToolboxTrayAppUlead VideoStudio 7 SE VCDUnloadUpdate for Windows Internet Explorer 8 (KB971930)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows Media Player 10 (KB910393)Update for Windows Media Player 10 (KB913800)Update for Windows Media Player 10 (KB926251)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005URL AssistantVideoLAN VLC media player 0.8.6fViewpoint Media PlayerVisual C++ 8.0 CRT (x86) WinSXS MSMVuzeVuze Remote ToolbarWeatherBugWeb Studio 4.0WebFldrs XPWebRegWinampWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Installer 3.1 (KB893803)Windows Internet Explorer 8Windows Live MessengerWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]Windows Media Player 11Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB908246Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3XviD MPEG-4 Video Codec.==== Event Viewer Messages From Past Week ========.1/19/2012 7:34:45 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).1/19/2012 7:34:45 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.1/19/2012 7:34:40 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).1/19/2012 7:34:32 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).1/19/2012 7:34:32 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.1/18/2012 12:31:39 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.1/17/2012 11:11:36 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.1/17/2012 11:11:36 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.1/16/2012 10:16:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/16/2012 10:15:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL1/16/2012 10:05:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}1/16/2012 10:04:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/16/2012 10:04:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning..==== End Of File =========================== Link to post Share on other sites More sharing options...
mmogan Posted January 24, 2012 Author ID:519966 Share Posted January 24, 2012 The Maylwarebytes Anti-Malware message does not give a file name when the message pops up. It just says, "Successfully blocked access to a potentially malicious website: 83.133.124.245. Type: outgoing" Link to post Share on other sites More sharing options...
Larusso Posted January 25, 2012 ID:520379 Share Posted January 25, 2012 Sorry for the delay. I did not get a notification that you have replied.Please download Gmer from here and save it to your Desktop. Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*] Then click the Scan button & wait for it to finish.[*] Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.[*]Save it where you can easily find it, such as your desktop**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Please post in your next replyark.txt Link to post Share on other sites More sharing options...
Larusso Posted January 28, 2012 ID:521212 Share Posted January 28, 2012 Hello, are you still with us?If you do not reply within 24 hours this topic will be closed. Link to post Share on other sites More sharing options...
mmogan Posted January 29, 2012 Author ID:521586 Share Posted January 29, 2012 Here is the report from the ark.txt file:GMER 1.0.15.15641 - http://www.gmer.netRootkit scan 2012-01-29 10:50:01Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.ZM10Running: 1f13cylb.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\uxtyapod.sys---- Kernel code sections - GMER 1.0.15 ----.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF619D360, 0x21235D, 0xE8000020].text ipsec.sys!Ganwdxxgdy ECDF3000 19 Bytes [EC, FF, B5, 04, FF, FF, FF, ...].text ipsec.sys!Ganwdxxgdy ECDF3014 224 Bytes [00, 57, 1B, DB, 81, E3, C0, ...].text ipsec.sys!Ganwdxxgdy ECDF31A2 105 Bytes [4C, 00, 6F, 00, 67, 00, 49, ...].text ipsec.sys!Ganwdxxgdy ECDF320C 11 Bytes [45, 00, 78, 00, 65, 00, 6D, ...].text ipsec.sys!Ganwdxxgdy ECDF3219 30 Bytes [00, 45, 00, 6E, 00, 61, 00, ...].text ... .text ipsec.sys!IsAkpidxdwe + 4D ECDF3457 43 Bytes CALL ECE02575 \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation).text ipsec.sys!IsAkpidxdwe + 79 ECDF3483 14 Bytes [90, 90, 90, 90, 8B, FF, 55, ...].text ipsec.sys!IsAkpidxdwe + 88 ECDF3492 80 Bytes [A1, A8, 1B, E0, EC, 56, 57, ...].text ipsec.sys!Drqahmbbbg + 2F ECDF34E3 78 Bytes [F0, 3B, F7, 0F, 8D, A8, 0A, ...].text ipsec.sys!AddLrgvirwpmy + 36 ECDF3532 1 Byte [65].text ipsec.sys!AddLrgvirwpmy + 36 ECDF3532 45 Bytes [65, 00, 5C, 00, 53, 00, 79, ...].text ipsec.sys!AddLrgvirwpmy + 64 ECDF3560 9 Bytes [53, 00, 65, 00, 74, 00, 5C, ...].text ipsec.sys!AddLrgvirwpmy + 6E ECDF356A 9 Bytes [65, 00, 72, 00, 76, 00, 69, ...].text ipsec.sys!AddLrgvirwpmy + 78 ECDF3574 46 Bytes [65, 00, 73, 00, 5C, 00, 49, ...].text ... .text ipsec.sys!Ganwdxxgdy + 32 ECDF368D 5 Bytes [8B, FF, 55, 8B, EC] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}.text ipsec.sys!Ganwdxxgdy + 38 ECDF3693 156 Bytes [EC, 34, 53, 56, 8B, 35, B0, ...].text ipsec.sys!Ganwdxxgdy + D5 ECDF3730 35 Bytes [3B, C6, 75, F5, EB, D1, 5C, ...].text ipsec.sys!Ganwdxxgdy + F9 ECDF3754 57 Bytes [6E, 00, 65, 00, 5C, 00, 53, ...].text ipsec.sys!Ganwdxxgdy + 133 ECDF378E 133 Bytes [65, 00, 72, 00, 76, 00, 69, ...].text ... ? C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0192000A.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0193000A.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0191000C.text C:\Program Files\Mozilla Firefox\firefox.exe[2616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0282000A.text C:\Program Files\Mozilla Firefox\firefox.exe[2616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0377000A.text C:\Program Files\Mozilla Firefox\firefox.exe[2616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0281000C.text C:\WINDOWS\System32\ping.exe[4004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A.text C:\WINDOWS\System32\ping.exe[4004] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BB000A.text C:\WINDOWS\System32\ping.exe[4004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A5000A.text C:\WINDOWS\System32\ping.exe[4004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A.text C:\WINDOWS\System32\ping.exe[4004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A4000C.text C:\WINDOWS\System32\ping.exe[4004] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BE000A.text C:\WINDOWS\System32\ping.exe[4004] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BF000A.text C:\WINDOWS\System32\ping.exe[4004] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C0000A.text C:\WINDOWS\System32\ping.exe[4004] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00BD000A---- Devices - GMER 1.0.15 ----Device \FileSystem\Fastfat \Fat B6470D20AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)---- Modules - GMER 1.0.15 ----Module (noname) (*** hidden *** ) F002F000-F0049000 (106496 bytes) ---- Processes - GMER 1.0.15 ----Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 4004 ---- Files - GMER 1.0.15 ----File C:\WINDOWS\$NtUninstallKB52979$\3433663781 0 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689 0 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\@ 2048 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\bckfg.tmp 854 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\cfg.ini 319 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\Desktop.ini 4608 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\keywords 160 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\kwrd.dll 223744 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\L 0 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\L\pdmzmplg 75264 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\lsflt7.ver 5176 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\oemid 22 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U 0 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\00000001.@ 2048 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\00000002.@ 224768 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\00000004.@ 1024 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\80000000.@ 11264 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\80000004.@ 12800 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\U\80000032.@ 73216 bytesFile C:\WINDOWS\$NtUninstallKB52979$\3585743689\version 854 bytes---- EOF - GMER 1.0.15 ---- Link to post Share on other sites More sharing options...
mmogan Posted January 29, 2012 Author ID:521588 Share Posted January 29, 2012 PS: sorry for the delay in responding. Link to post Share on other sites More sharing options...
Larusso Posted January 29, 2012 ID:521644 Share Posted January 29, 2012 Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications====================================================Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.Please post in your next replyCombofix.txt Link to post Share on other sites More sharing options...
mmogan Posted January 31, 2012 Author ID:522237 Share Posted January 31, 2012 I ran the Combofix and it said I was infected with Rootkit.ZeroAccess. It eventually ran through all the stages after restarting my computer and provided a log report, which is posted below. However, after the log file was created, I could not get online. The icon in the lower right said I was connected to my wireless connection, but the internet wouldn't work. I tried restarting, disconnecting the connection and reconnecting, but that didn't work. I think the Combofix messed with my connection settings or something. Any thoughts?Also, one other thing I found odd that I thought I would mention. After I rebooting following the log report, the Malwarebytes icon in the bottom right said updates were available and I clicked on the icon and it downloaded the updates. Not sure why that was working and my internet wasn't.Here is the log file report:ComboFix 12-01-30.02 - Michael 01/30/2012 20:46:07.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.727 [GMT -5:00]Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Michael\WINDOWSc:\program files\Search Toolbarc:\program files\Search Toolbar\icon.icoc:\program files\Search Toolbar\SearchToolbarUninstall.exec:\program files\Search Toolbar\SearchToolbarUpdater.exec:\windows\$NtUninstallKB52979$\3433663781c:\windows\$NtUninstallKB52979$\3585743689\@c:\windows\$NtUninstallKB52979$\3585743689\bckfg.tmpc:\windows\$NtUninstallKB52979$\3585743689\cfg.inic:\windows\$NtUninstallKB52979$\3585743689\Desktop.inic:\windows\$NtUninstallKB52979$\3585743689\keywordsc:\windows\$NtUninstallKB52979$\3585743689\kwrd.dllc:\windows\$NtUninstallKB52979$\3585743689\L\pdmzmplgc:\windows\$NtUninstallKB52979$\3585743689\lsflt7.verc:\windows\$NtUninstallKB52979$\3585743689\oemidc:\windows\$NtUninstallKB52979$\3585743689\U\00000001.@c:\windows\$NtUninstallKB52979$\3585743689\U\00000002.@c:\windows\$NtUninstallKB52979$\3585743689\U\00000004.@c:\windows\$NtUninstallKB52979$\3585743689\U\80000000.@c:\windows\$NtUninstallKB52979$\3585743689\U\80000004.@c:\windows\$NtUninstallKB52979$\3585743689\U\80000032.@c:\windows\$NtUninstallKB52979$\3585743689\versionc:\windows\kb913800.exec:\windows\system32\drivers\npf.sysc:\windows\system32\Packet.dllc:\windows\system32\pthreadVC.dllc:\windows\system32\WanPacket.dllc:\windows\system32\wpcap.dllc:\windows\$NtUninstallKB52979$ . . . . Failed to delete..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_PODMENA-------\Legacy_PODMENADRV-------\Legacy_USNJSVC-------\Service_usnjsvc..((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))..2012-01-20 08:01 . 2012-01-20 08:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth2012-01-20 00:42 . 2012-01-20 00:42 -------- d-----w- c:\windows\system32\wbem\Repository2012-01-18 12:42 . 2012-01-18 12:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer2012-01-17 02:52 . 2012-01-17 02:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-10 20:24 . 2009-06-09 23:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-25 21:57 . 2005-08-16 08:18 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25 . 2005-08-16 08:18 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35 . 2005-08-16 08:18 60416 ----a-w- c:\windows\system32\packager.exe2011-11-04 19:20 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:28 . 2005-08-16 08:18 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-03 15:28 . 2005-08-16 08:18 1292288 ----a-w- c:\windows\system32\quartz.dll2011-12-21 07:24 . 2012-01-20 03:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys[-] 2008-04-13 19:19 . CC1B819E974842F9E8AD2253C5CBFC84 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys.[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys[-] 2008-04-13 19:19 . CC1B819E974842F9E8AD2253C5CBFC84 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040].c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Desktop Card Client Utility.lnk - c:\program files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2007-1-15 1556480]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2011-04-01 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnkbackup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnkbackup=c:\windows\pss\Digital Line Detect.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-09-29 18:01 67584 ----a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]2008-08-26 16:19 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2006-07-06 11:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]2006-07-24 14:20 282624 ----a-w- c:\windows\stsystra.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2007-08-02 01:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\MSN Messenger\\msnmsgr.exe"="c:\\Program Files\\MSN Messenger\\livecall.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="c:\\WINDOWS\\system32\\mmc.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 10:01 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 67656]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/9/2009 6:13 PM 652872]R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [8/12/2011 2:53 PM 1034240]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/9/2009 6:13 PM 20464]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:17 AM 135664]S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [1/15/2007 6:08 PM 303616]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/23/2006 3:32 PM 29744]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:17 AM 135664]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 12872].Contents of the 'Scheduled Tasks' folder.2012-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34].2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:17].2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:17]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/mWindow Title = Windows Internet Explorer provided by ComcastmSearch Bar = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=w7HqBpCwd0ynN5caqkI2ee56NNguInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.1DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cabFF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9w90tvvl.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-Cognac - c:\docume~1\Michael\LOCALS~1\Temp\b.exeMSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-01-30 21:09Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(560)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(532)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\HP\Digital Imaging\bin\hpqSTE08.exec:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\system32\nvsvc32.exec:\windows\system32\HPZipm12.exec:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exec:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\dllhost.exe.**************************************************************************.Completion time: 2012-01-30 21:14:06 - machine was rebootedComboFix-quarantined-files.txt 2012-01-31 02:14.Pre-Run: 36,483,899,392 bytes freePost-Run: 37,570,174,976 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect.- - End Of File - - 59C8B152B81F52389D3B69F8AFA5F3B1 Link to post Share on other sites More sharing options...
Larusso Posted January 31, 2012 ID:522308 Share Posted January 31, 2012 Hy there,It is not Combofix which kills your connection. It is a common problem with the kind of infection which was present on your system.Please use an USB drive to transfer the script ( and tools we may later need ) to the infected one.Open notepad and copy/paste the text in the Code-box below into it:FCopy::c:\windows\ServicePackFiles\i386\ipsec.sys | c:\windows\system32\drivers\ipsec.sysFolder::c:\windows\$NtUninstallKB52979$ Save this as CFScript.txt, in the same location as ComboFix.exe. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Refering to the picture above, drag CFScript into ComboFix.exe.When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.Please post in your next replyCombofix.txtLet me know if you are now able to connect Link to post Share on other sites More sharing options...
mmogan Posted February 2, 2012 Author ID:522770 Share Posted February 2, 2012 Internet is working again after I ran combofix by dragging the .txt file over the combofix icon. I believe everything is working okay again. Here is the report from the log flie:Does this mean my computer is clean again?ComboFix 12-01-30.02 - Michael 02/01/2012 19:09:25.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.728 [GMT -5:00]Running from: c:\documents and settings\Michael\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...--------------- FCopy ---------------.c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys.((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))..2012-01-31 02:31 . 2012-01-31 02:31 709968 ----a-w- c:\windows\is-CDA8D.exe2012-01-20 08:01 . 2012-01-20 08:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth2012-01-20 00:42 . 2012-01-20 00:42 -------- d-----w- c:\windows\system32\wbem\Repository2012-01-18 12:42 . 2012-01-18 12:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer2012-01-17 02:52 . 2012-01-17 02:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-10 20:24 . 2009-06-09 23:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-25 21:57 . 2005-08-16 08:18 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25 . 2005-08-16 08:18 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35 . 2005-08-16 08:18 60416 ----a-w- c:\windows\system32\packager.exe2011-11-04 19:20 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec2011-12-21 07:24 . 2012-01-20 03:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2012-01-31_02.08.06 ))))))))))))))))))))))))))))))))))))))))).+ 2005-08-16 08:18 . 2012-01-31 02:46 54280 c:\windows\system32\perfc009.dat- 2005-08-16 08:18 . 2012-01-31 01:49 54280 c:\windows\system32\perfc009.dat+ 2005-08-16 08:18 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys+ 2005-08-16 08:18 . 2012-01-31 02:46 384596 c:\windows\system32\perfh009.dat- 2005-08-16 08:18 . 2012-01-31 01:49 384596 c:\windows\system32\perfh009.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040].c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Desktop Card Client Utility.lnk - c:\program files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2007-1-15 1556480]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2011-04-01 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnkbackup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnkbackup=c:\windows\pss\Digital Line Detect.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-09-29 18:01 67584 ----a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]2008-08-26 16:19 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2006-07-06 11:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]2006-07-24 14:20 282624 ----a-w- c:\windows\stsystra.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2007-08-02 01:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\MSN Messenger\\msnmsgr.exe"="c:\\Program Files\\MSN Messenger\\livecall.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="c:\\WINDOWS\\system32\\mmc.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 10:01 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 67656]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/9/2009 6:13 PM 652360]R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [8/12/2011 2:53 PM 1034240]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/9/2009 6:13 PM 20464]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:17 AM 135664]S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [1/15/2007 6:08 PM 303616]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/23/2006 3:32 PM 29744]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:17 AM 135664]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 12872].Contents of the 'Scheduled Tasks' folder.2012-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34].2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:17].2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:17]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/mWindow Title = Windows Internet Explorer provided by ComcastmSearch Bar = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=w7HqBpCwd0ynN5caqkI2ee56NNguInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.1DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cabFF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9w90tvvl.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-02-01 19:19Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(548)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.Completion time: 2012-02-01 19:21:29ComboFix-quarantined-files.txt 2012-02-02 00:21ComboFix2.txt 2012-01-31 02:14.Pre-Run: 37,560,410,112 bytes freePost-Run: 37,561,307,136 bytes free.- - End Of File - - 1C9EF78656E8A56D383C62B6F89342DF Link to post Share on other sites More sharing options...
Larusso Posted February 2, 2012 ID:522829 Share Posted February 2, 2012 Great I see you are using peer 2 peer software. In your case Vuze and LimeWireRefering to this sticky topic, I want you to uninstall this kind of software.I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform Quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Save it to your desktop.Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.There is a newer version of Adobe Acrobat Reader available.Please go to this link Adobe Acrobat Reader Download LinkUntick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.Click DownloadOn the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.Click the Continue buttonClick Run, and click Run againNext click the Install Now button and follow the on screen promptsWhen the installation is complete go to Add/Remove Programs and uninstall all previous versions.Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Download the latest version of Java Runtime Enviroment 6 Update 30 and save it to your desktop. Scroll down to where it says Java SE 6 Update 30 Click the red Download JRE button on the right. Read the License Agreement then select Accept License Agreement Click on the link to download Windows x86 Offline and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u30-windows-i586 to install the newest version.After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are three options in the window to clear the cache - Make sure all are checkedClick OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.Click OK to leave the Temporary Files WindowClick OK to leave the Java Control Panel.Go here to run an online scanner from ESET.Note: You will need to use Internet explorer for this scan Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checkedClick StartWait for the scan to finishWhen the scan completes, push Push , and save the file to your desktop using a unique name.Push the Back button.Push FinishPlease post this logfile in your next replyPlease post in your next replyESET LogNote any open issues Link to post Share on other sites More sharing options...
mmogan Posted February 5, 2012 Author ID:523842 Share Posted February 5, 2012 I've downloaded updates to Malwarebytes and ran the quick scan. I've also uninstalled Vuze and Limewire. I still need to do everything else in you last post. I'll try to get that done later today. For now, here is the report log from the quick scan. Nothing was found.Malwarebytes Anti-Malware (PRO) 1.60.1.1000www.malwarebytes.orgDatabase version: v2012.02.05.01Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Michael :: DDJ730C1 [administrator]Protection: Enabled2/5/2012 9:33:16 AMmbam-log-2012-02-05 (09-33-16).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 230120Time elapsed: 7 minute(s), 44 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Larusso Posted February 8, 2012 ID:524634 Share Posted February 8, 2012 Hy there,Any problems with my instructions ? Link to post Share on other sites More sharing options...
mmogan Posted February 8, 2012 Author ID:524647 Share Posted February 8, 2012 No, sorry for the delay. I've been super busy lately and haven't had a chance to finish your instructions. I'll get on it right now... Link to post Share on other sites More sharing options...
mmogan Posted February 8, 2012 Author ID:524677 Share Posted February 8, 2012 Okay, I've updated Adobe Reader and Java. I ran the ESET scanner and it produced the following log:C:\Documents and Settings\Michael\My Documents\Downloads\freeripmp3.exe Win32/AdInstaller applicationC:\Documents and Settings\Michael\Shared\01 Track 1.wma probably a variant of Win32/Agent.BZFASNN trojanC:\Documents and Settings\Michael\Shared\always be jimmy eat world.wma WMA/TrojanDownloader.Wimad.N trojanC:\Documents and Settings\Michael\Shared\Ben Harper - Glory And Consequence.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\frankies gun felice brothers - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\i was scared rivers cuomo.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\too many dicks on the dance fl-HQ.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\too many dicks on the dance fl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\Top of Charts - 2005.wma WMA/TrojanDownloader.Wimad.D trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ipsec.sys.vir Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1688\A0109455.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1688\A0109468.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1689\A0109493.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1689\A0110493.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1689\A0110509.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1690\A0110542.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1690\A0110567.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1690\A0110590.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0110604.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0110944.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0111324.exe a variant of Win32/Adware.OneStep.T applicationC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0111327.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0111333.exe a variant of Win32/Adware.OneStep.AY applicationC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0111376.exe a variant of Win32/Adware.OneStep.AY applicationC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1691\A0111404.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1692\A0111633.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1692\A0111656.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1692\A0111690.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1692\A0111705.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1692\A0111716.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1693\A0111740.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1693\A0111759.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1693\A0111780.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1693\A0111795.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1695\A0111840.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1696\A0111885.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1697\A0111896.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1697\A0111912.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1698\A0112008.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1698\A0112016.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1698\A0112028.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1700\A0112072.sys Win32/Sirefef.DA trojanC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1701\A0112416.sys Win32/Sirefef.DA trojan Link to post Share on other sites More sharing options...
Larusso Posted February 10, 2012 ID:525444 Share Posted February 10, 2012 Hy there and sorry for the delay.I do not want to ask where you get those files, but I recommend to delete the followingC:\Documents and Settings\Michael\My Documents\Downloads\freeripmp3.exe Win32/AdInstaller applicationC:\Documents and Settings\Michael\Shared\01 Track 1.wma probably a variant of Win32/Agent.BZFASNN trojanC:\Documents and Settings\Michael\Shared\always be jimmy eat world.wma WMA/TrojanDownloader.Wimad.N trojanC:\Documents and Settings\Michael\Shared\Ben Harper - Glory And Consequence.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\frankies gun felice brothers - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\i was scared rivers cuomo.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\too many dicks on the dance fl-HQ.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\too many dicks on the dance fl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojanC:\Documents and Settings\Michael\Shared\Top of Charts - 2005.wma WMA/TrojanDownloader.Wimad.D trojanI see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.Here are a few very good free Antivirus products which are available:Avast!Microsoft Security Essentials Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.Install, update definitions, and run a full system scan with the Anti-Virus of your choice.Please launch DDSWhen done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop and post both in your next replyPlease post in your next replydds.txtattach.txtNote any open issues Link to post Share on other sites More sharing options...
mmogan Posted February 12, 2012 Author ID:526196 Share Posted February 12, 2012 Thanks, I didn't know there was free antivirus software out there. I downloaded Avast!Here is the dds.text..DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30Run by Michael at 14:53:22 on 2012-02-12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.492 [GMT -5:00].AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\WINDOWS\system32\wscntfy.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/mWindow Title = Windows Internet Explorer provided by ComcastmSearch Bar = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=w7HqBpCwd0ynN5caqkI2ee56NNguInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No FileBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dlluRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startupuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startupmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /noguidRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d700f\wireless utility\Belkinwcui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeIE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cabDPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{87F751F6-F027-45F7-8947-8656D586F50B} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{D74FFFF7-6217-4AAC-92D1-44095A22BCA9} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{EA4D8EAB-4480-4F9C-83C7-A0BB5DB5B036} : DhcpNameServer = 192.168.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\9w90tvvl.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll.============= SERVICES / DRIVERS ===============.R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-12 314456]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 67656]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-12 20568]R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-12 44768]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-9 652360]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2011-8-12 1034240]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-9 20464]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-12 435032]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [2007-1-15 303616]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-23 29744]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872].=============== Created Last 30 ================.2012-02-12 19:29:14 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-02-12 19:29:00 41184 ----a-w- c:\windows\avastSS.scr2012-02-12 19:28:46 -------- d-----w- c:\program files\AVAST Software2012-02-12 19:28:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software2012-02-08 02:12:54 -------- d-----w- c:\program files\ESET2012-02-08 02:04:47 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-02-08 02:04:47 472808 ----a-w- c:\windows\system32\deployJava1.dll2012-01-31 02:31:49 709968 ----a-w- c:\windows\is-CDA8D.exe2012-01-31 01:31:03 -------- d-sha-r- C:\cmdcons2012-01-31 01:26:47 98816 ----a-w- c:\windows\sed.exe2012-01-31 01:26:47 518144 ----a-w- c:\windows\SWREG.exe2012-01-31 01:26:47 256000 ----a-w- c:\windows\PEV.exe2012-01-31 01:26:47 208896 ----a-w- c:\windows\MBR.exe2012-01-20 00:42:09 -------- d-----w- c:\windows\system32\wbem\repository\FS2012-01-20 00:42:09 -------- d-----w- c:\windows\system32\wbem\Repository.==================== Find3M ====================.2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll.============= FINISH: 14:54:36.89 =============== Link to post Share on other sites More sharing options...
mmogan Posted February 12, 2012 Author ID:526197 Share Posted February 12, 2012 Here is the attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 10/26/2006 1:40:49 AMSystem Uptime: 2/12/2012 12:15:35 PM (2 hours ago).Motherboard: Dell Inc. | | 0WG864Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 144 GiB total, 35.65 GiB free.D: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Intel® 82562V 10/100 Network ConnectionDevice ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8Manufacturer: IntelName: Intel® 82562V 10/100 Network ConnectionPNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8Service: e1express.==== System Restore Points ===================.RP1628: 11/15/2011 7:54:31 AM - System CheckpointRP1629: 11/16/2011 8:23:19 AM - System CheckpointRP1630: 11/17/2011 9:23:21 AM - System CheckpointRP1631: 11/18/2011 10:23:23 AM - System CheckpointRP1632: 11/19/2011 11:23:25 AM - System CheckpointRP1633: 11/20/2011 11:24:32 AM - System CheckpointRP1634: 11/21/2011 1:04:17 PM - System CheckpointRP1635: 11/22/2011 1:23:29 PM - System CheckpointRP1636: 11/23/2011 2:47:36 PM - System CheckpointRP1637: 11/24/2011 3:45:11 PM - System CheckpointRP1638: 11/25/2011 4:23:35 PM - System CheckpointRP1639: 11/26/2011 5:55:43 PM - System CheckpointRP1640: 11/27/2011 6:23:41 PM - System CheckpointRP1641: 11/28/2011 7:26:09 PM - System CheckpointRP1642: 11/29/2011 8:23:41 PM - System CheckpointRP1643: 11/30/2011 9:53:57 PM - System CheckpointRP1644: 12/1/2011 10:23:44 PM - System CheckpointRP1645: 12/2/2011 11:23:46 PM - System CheckpointRP1646: 12/4/2011 12:23:48 AM - System CheckpointRP1647: 12/5/2011 1:23:49 AM - System CheckpointRP1648: 12/6/2011 2:23:51 AM - System CheckpointRP1649: 12/7/2011 3:23:52 AM - System CheckpointRP1650: 12/8/2011 4:23:53 AM - System CheckpointRP1651: 12/9/2011 5:23:56 AM - System CheckpointRP1652: 12/10/2011 6:23:57 AM - System CheckpointRP1653: 12/11/2011 7:23:59 AM - System CheckpointRP1654: 12/12/2011 8:24:00 AM - System CheckpointRP1655: 12/13/2011 9:24:02 AM - System CheckpointRP1656: 12/14/2011 10:24:04 AM - System CheckpointRP1657: 12/15/2011 11:24:05 AM - System CheckpointRP1658: 12/16/2011 3:00:15 AM - Software Distribution Service 3.0RP1659: 12/17/2011 3:29:21 AM - System CheckpointRP1660: 12/18/2011 4:29:23 AM - System CheckpointRP1661: 12/19/2011 5:29:25 AM - System CheckpointRP1662: 12/20/2011 6:29:26 AM - System CheckpointRP1663: 12/21/2011 7:29:28 AM - System CheckpointRP1664: 12/22/2011 8:29:30 AM - System CheckpointRP1665: 12/23/2011 9:29:31 AM - System CheckpointRP1666: 12/24/2011 10:29:35 AM - System CheckpointRP1667: 12/25/2011 11:29:35 AM - System CheckpointRP1668: 12/26/2011 12:29:38 PM - System CheckpointRP1669: 12/27/2011 1:29:40 PM - System CheckpointRP1670: 12/28/2011 2:29:40 PM - System CheckpointRP1671: 12/29/2011 3:29:42 PM - System CheckpointRP1672: 12/30/2011 4:29:45 PM - System CheckpointRP1673: 12/31/2011 5:30:49 PM - System CheckpointRP1674: 1/1/2012 6:29:47 PM - System CheckpointRP1675: 1/2/2012 7:29:49 PM - System CheckpointRP1676: 1/3/2012 7:50:40 PM - System CheckpointRP1677: 1/4/2012 8:29:52 PM - System CheckpointRP1678: 1/5/2012 9:29:53 PM - System CheckpointRP1679: 1/6/2012 10:29:57 PM - System CheckpointRP1680: 1/7/2012 11:29:58 PM - System CheckpointRP1681: 1/9/2012 12:29:57 AM - System CheckpointRP1682: 1/10/2012 1:30:00 AM - System CheckpointRP1683: 1/11/2012 2:30:01 AM - System CheckpointRP1684: 1/12/2012 3:00:14 AM - Software Distribution Service 3.0RP1685: 1/13/2012 3:26:22 AM - System CheckpointRP1686: 1/14/2012 4:26:24 AM - System CheckpointRP1687: 1/15/2012 4:28:37 AM - System CheckpointRP1688: 1/16/2012 5:28:39 AM - System CheckpointRP1689: 1/16/2012 10:16:57 PM - Restore OperationRP1690: 1/17/2012 11:59:31 PM - System CheckpointRP1691: 1/19/2012 7:40:03 PM - Restore OperationRP1692: 1/20/2012 3:00:20 AM - Software Distribution Service 3.0RP1693: 1/21/2012 1:29:24 PM - System CheckpointRP1694: 1/22/2012 3:32:27 PM - System CheckpointRP1695: 1/23/2012 3:52:56 PM - System CheckpointRP1696: 1/24/2012 7:44:14 PM - System CheckpointRP1697: 1/25/2012 8:23:10 PM - System CheckpointRP1698: 1/27/2012 4:05:59 PM - System CheckpointRP1699: 1/28/2012 5:03:30 PM - System CheckpointRP1700: 1/29/2012 5:43:50 PM - System CheckpointRP1701: 2/1/2012 6:59:54 PM - ComboFix created restore pointRP1702: 2/1/2012 7:53:13 PM - Software Distribution Service 3.0RP1703: 2/2/2012 8:07:05 PM - System CheckpointRP1704: 2/5/2012 10:22:24 AM - System CheckpointRP1705: 2/6/2012 8:06:34 PM - System CheckpointRP1706: 2/7/2012 8:42:17 PM - Removed Adobe Reader 7.1.0RP1707: 2/7/2012 8:42:43 PM - Installed Adobe Reader X (10.1.2).RP1708: 2/7/2012 8:58:12 PM - Removed J2SE Runtime Environment 5.0 Update 6RP1709: 2/7/2012 9:04:27 PM - Installed Java 6 Update 30RP1710: 2/9/2012 7:36:29 AM - System CheckpointRP1711: 2/10/2012 10:57:50 AM - System CheckpointRP1712: 2/11/2012 11:08:17 AM - System CheckpointRP1713: 2/12/2012 12:32:09 PM - System CheckpointRP1714: 2/12/2012 2:28:46 PM - avast! Free Antivirus Setup.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Photoshop v4.0Adobe Reader X (10.1.2)Adobe SVG Viewer 3.0AiO_Scan_CDAAiOSoftwareNPIAkram Audio Converter 3.1America Online (Choose which version to remove)Anapod CopyGear (remove only)Anapod Explorer (remove only)AOL Coach Version 1.0(Build:20040229.1 en)AOL Connectivity ServicesAOLIconApple Application SupportApple Mobile Device SupportApple Software Updateavast! Free AntivirusAVS Update Manager 1.0AVS Video Converter 7AVS4YOU Software Navigator 1.4Belkin Wireless G Desktop Card Driver and UtilityBonjourBufferChmBUMC3100c3100_HelpComcast High-Speed Internet Install WizardCompatibility Pack for the 2007 Office systemConexant D850 56K V.9x DFVc ModemCritical Update for Windows Media Player 11 (KB959772)Dell CinePlayerDell Driver Reset ToolDell Resource CDDell Support 3.2Dell System RestoreDesignPro 5.0 Media EditionDesktop DoctorDestinationsDeviceManagementQFolderDigital Content PortalDigital Line DetectDocProcDocProcQFolderDocumentation & Support LauncherEarthLink Setup FilesEducateUESET Online Scanner v3ESPNMotioneSupportQFolderFax_CDAGames, Music, & Photos LauncherGemMaster MysticGet High Speed Internet!Google ChromeGoogle DesktopGoogle Toolbar for Internet ExplorerGoogle Update HelperHigh Definition Audio Driver Package - KB835221HijackThis 2.0.2Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Imaging Device Functions 7.0HP Photosmart and Deskjet 7.0.AHP Photosmart EssentialHP Product AssistantHP Solution Center 7.0HP UpdateHPPhotoSmartExpressHPProductAssistantHPSSupplyInstantShareDevicesMFCIntel® Matrix Storage ManagerIntel® PRO Network ConnectionsInternet Service Offers LauncheriTunesJava Auto UpdaterJava 6 Update 30KODAK EASYSHARE Gallery Easy Upload, v2.1KODAK EASYSHARE Gallery Upload ActiveX ControlLearn2 Player (Uninstall Only)Malwarebytes Anti-Malware version 1.60.1.1000MCUMicrosoft .NET Framework 1.0 Hotfix (KB2572066)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Office Professional Edition 2003Microsoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft WorksMobileMe Control PanelModem HelperMozilla Firefox 9.0.1 (x86 en-US)MSXML 4.0MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetWaitingNewCopy_CDANVIDIA DriversOCR Software by I.R.I.S 7.0OttoPanoStandAloneProductContextNPIQuickTimeReadmeRealPlayer BasicRoxio DLARoxio MyDVD LERoxio RecordNow AudioRoxio RecordNow CopyRoxio RecordNow DataSafariScanScannerCopySearchAssistSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Shop for HP SuppliesSkype™ 3.2SolutionCenterSonic Activation ModuleSonic EncodersSonic Update ManagerStatusSUPERAntiSpyware Free EditionToolboxTrayAppUlead VideoStudio 7 SE VCDUnloadUpdate for Windows Internet Explorer 8 (KB971930)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows Media Player 10 (KB910393)Update for Windows Media Player 10 (KB913800)Update for Windows Media Player 10 (KB926251)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005URL AssistantVideoLAN VLC media player 0.8.6fViewpoint Media PlayerVisual C++ 8.0 CRT (x86) WinSXS MSMWeatherBugWeb Studio 4.0WebFldrs XPWebRegWinampWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Installer 3.1 (KB893803)Windows Internet Explorer 8Windows Live MessengerWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]Windows Media Player 11Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB908246Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3XviD MPEG-4 Video Codec.==== Event Viewer Messages From Past Week ========.2/8/2012 10:46:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)2/7/2012 8:29:56 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period..==== End Of File =========================== Link to post Share on other sites More sharing options...
Larusso Posted February 12, 2012 ID:526252 Share Posted February 12, 2012 Any open issues ? Logs appears clean Link to post Share on other sites More sharing options...
mmogan Posted February 12, 2012 Author ID:526279 Share Posted February 12, 2012 No, I think we are good to go. Thank you so much Daniel! You are the man! Link to post Share on other sites More sharing options...
Larusso Posted February 12, 2012 ID:526286 Share Posted February 12, 2012 You are welcome.Please follow these last few steps.Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OKcombofix /uninstallThis will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.Empty your Recycle Bin if it does not do so automatically.Now that you appear to be free from malware lets help you stay that way!It is vital that you keep your system up to datePlease enable Automatic Updates to keep your system up to date. Windows UpdatesWin XP: Start --> Control Panel and double- click on Automatic Updates.Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates[*] Software UpdatesYour installed Software also can have vulnerabilities that malware can use to infect your system.To keep your installed Software up to date I recommend File Hippo.Anti Virus Software Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.Additional Protection Malwarebytes Anti MalwareThe freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features. WinPatrolWinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. Safer Browsing Web of Trust ( WOT )This software helps you to stay away from sites that have malicious purposes. SpywareBlasterThis software helps prevent the installation of ActiveX-based spyware MVPS Hosts fileThis Hosts File will restrict known ad sites from serving you unsolicited advertisements.Use an alternate browserOther browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer. Opera FirefoxNote: If you use Firefox you may want to have a look on this Add Ons. AdblockPlus ( Blocks advertisments ) NoScript ( Blocks Java, Flash and JavaScript )Computer MaintenanceClean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).Thinking while surfingThere is no software which will protect your system from yourself.I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet. Staying Safe on the Internet ( by Glaswegian ) Making Internet Explorer Safer. Think Prevention!If you have any questions kindly ask.Please respond to this thread one more time so we can mark this thread as resolved. Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 20, 2012 ID:528730 Share Posted February 20, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts