ejg593 Posted March 2, 2012 ID:532151

New here & need help. Running Windows XP & things started acting up. Tried my Microsoft Essentials Scan & it kept freezing up. Ran Spybot S&D & found "Win32.Koobface" & cleared it. Still having issues, so ran Malwarebytes which found "Koobface.trace" & cleaned it. Still not running right, rescanned several times but everything says the system is clean. Something must be damaged, or not quite fixed - HELP! This is the log after the Koobface Trace discovery & removal.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Davinne Law :: DAVINNE [administrator]

2/29/2012 7:24:57 AM
mbam-log-2012-02-29 (07-24-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226017
Time elapsed: 58 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

(end)
Maniac Posted March 3, 2012 ID:532372

Hello ejg593! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Your MBAM database was not up-to-date, so:
Launch Malwarebytes' Anti-Malware.
Go to "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please follow the instructions here and post the log files from DDS:
http://forums.malwarebytes.org/index.php?showtopic=9573

In your next post, please include:
Malwarebytes' Anti-Malware log
DDS log with Attach.txt
ejg593 Posted March 3, 2012 Author ID:532428

Updated & ran a MBAM Quick Scan. Downloaded DDS & scanned. Attached are the logs:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Davinne Law :: DAVINNE [administrator]

3/3/2012 9:18:42 AM
mbam-log-2012-03-03 (09-18-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227008
Time elapsed: 47 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Maniac Posted March 4, 2012

Step 1

I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If Teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled Teatimer, download ResetTeaTimer.exe to your desktop. Then run ResetTeaTimer.exe. This will only take a few seconds.

Step 2

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
ejg593 Posted March 4, 2012

Disabled Teatimer & Antivirus & ran Combofix as instructed. Here's the report:

ComboFix 12-03-04.01 - Davinne Law 03/04/2012 11:30:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.658 [GMT -6:00]
Running from: c:\documents and settings\Davinne Law\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\windows\dasetup.log
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\fad.sys
c:\windows\system32\rnaph.dll
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET44F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 16:46 . 2012-03-04 16:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4363AAC-8B16-43C5-A7C7-F44DD2FD4674}\MpKsl74e0ea52.sys
2012-03-04 13:56 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4363AAC-8B16-43C5-A7C7-F44DD2FD4674}\mpengine.dll
2012-02-29 20:21 . 2012-02-29 20:29 -------- dc-h--w- c:\windows\ie8
2012-02-29 19:38 . 2012-02-29 19:45 -------- d-----w- C:\06fd924e9b61d6463663ca7a5cf361
2012-02-27 15:28 . 2012-02-27 15:28 -------- d-----w- c:\documents and settings\Administrator
2012-02-16 03:25 . 2012-02-24 16:45 -------- d-----w- c:\windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-02-16 03:21 . 2012-02-16 03:21 -------- d-----w- c:\program files\LeapFrog
2012-02-16 03:21 . 2012-02-16 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2012-02-15 12:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 12:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 03:29 . 2011-06-15 12:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2011-11-10 14:29 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-05-18 16:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2002-08-29 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-12-10 21:24 . 2009-08-18 18:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-22 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-05-26 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2010-10-15 62856]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Davinne Law\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Davinne Law^Start Menu^Programs^Startup^Skyscape smARTupdate.lnk]
path=c:\documents and settings\Davinne Law\Start Menu\Programs\Startup\Skyscape smARTupdate.lnk
backup=c:\windows\pss\Skyscape smARTupdate.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-05-26 18:12 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 01:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 09:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-22 04:16 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
.
R1 MpKsl74e0ea52;MpKsl74e0ea52;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4363AAC-8B16-43C5-A7C7-F44DD2FD4674}\MpKsl74e0ea52.sys [3/4/2012 10:46 AM 29904]
S1 DW;DW; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
.
2012-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2010-05-15 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-07-31 16:39]
.
2010-08-02 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-07-31 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
AddRemove-Easy CD-DA Extractor 6.1 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 12:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-04 12:32:23
ComboFix-quarantined-files.txt 2012-03-04 18:32
.
Pre-Run: 29,503,643,648 bytes free
Post-Run: 29,943,099,392 bytes free
.
- - End Of File - - EA17722389CA71766A1F2B75231ABBAC
Maniac Posted March 4, 2012

Please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats and the option Scan unwanted applications are checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
ejg593 Posted March 5, 2012

Downloaded & ran ESET Scanner.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c5623d4a35a9c45ba0d7a91abb2ae15
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-03-05 01:58:35
# local_time=2012-03-04 07:58:35 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 26869183 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80683
# found=0
# cleaned=0
# scan_time=20501
Maniac Posted March 5, 2012

How are things running now?
ejg593 Posted March 5, 2012

To be honest, I don't know. Since it became infected & we've been doing all these scans & reports, I've left the desktop alone to not mess anything up that we're trying to fix. From what little navigating I've done, it seems good. I've noticed the scans aren't finding anything newly infected, so am I to assume all should be well & fixed?

If so, do I need to uninstall all these scanners, or just tuck them away in the back files someplace on the computer?
ejg593 Posted March 5, 2012

Another thought: I didn't realize Teatimer was constantly running in the background in conjunction w/my anti-virus software. It had been years since I used SpyBot & maybe that has been an upgrade since then. Anyway, after the virus was removed, could the 2 programs working on top of one another have been the cause for my sluggish issues?
Maniac Posted March 5, 2012

We will remove such tools, but it is important to know that your system is already clean. The results of the checks are good. Please change all of your passwords.

Uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and manually delete DDS.

Malware prevention tips:
http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!
ejg593 Posted March 5, 2012

I uninstalled ComboFix & ESET. Thanks a ton for all of your help. I assume I can delete the saved logs & the Reset Teatimer program too?
Maniac Posted March 6, 2012

You are free to delete them.
Maurice Naggar Posted March 9, 2012

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!