
Trojan.Ransom.Gen



I've got a Trojan.Ransom.Gen on my PC. I ran an avast quick scan and boot scan and then Malwarebytes; all three removed a virus. Everything worked fine for about a day; we could surf the net as normal. Yesterday, after turning the PC back on, the virus was back. I get the "your computer is blocked unless you pay $200" message, but only when I'm connected to the internet; if I pull the connection from my modem, then everything works fine.

However, now I run avast and it doesn't find anything. I use Malwarebytes and it detects the Trojan.Ransom.Gen and I remove it. However, it immediately returns. I can run a Malwarebytes quick scan and remove the trojan and then run it again and it will detect the same thing again.

The file that it names is:

C:\Document and Settings\Owners\Startmenu\Programs\Start up\ctfmon.lnk

Any help on what I should or can do, before I go pay $95 for a tech specialist to remove it?


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


DDS LOG

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Owner at 13:22:05 on 2012-08-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1535 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DownloadHQ\downloadhq.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1047.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll

TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [downloadhq] "c:\program files\downloadhq\downloadhq.exe" -h

uRun: [DownloadAccelerator] "j:\program files\dap\DAP.exe" /STARTUP

uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\program files\speedbit video accelerator\SBLSP.dll

Trusted Zone: google.com\www

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182133496453

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vs4ln1ej.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-7 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-7 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-7 44808]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-10-12 2560]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-5-26 131512]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-18 129976]

S3 TridVid;USB2.0 VIDBOX NM;c:\windows\system32\drivers\TridVid.sys [2011-12-26 201216]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-08 01:42:31 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-08 01:41:59 41224 ----a-w- c:\windows\avastSS.scr

2012-08-08 01:41:25 -------- d-----w- c:\program files\AVAST Software

2012-08-08 01:41:25 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-08-08 00:58:13 -------- d-s---w- C:\ComboFix

2012-07-19 03:17:17 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-19 03:17:03 19384 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2012-07-19 03:17:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-07-19 03:17:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-07-19 03:17:01 125880 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

.

==================== Find3M ====================

.

2012-08-10 13:14:49 1529 --sha-w- c:\windows\system32\mmf.sys

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-14 04:33:01 1409 ----a-w- c:\windows\QTFont.for

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-18 09:41:40 84480 ----a-w- c:\windows\system32\EasyHook32.dll

2012-05-18 09:41:40 109216 ----a-w- c:\windows\system32\EasyHook64.dll

2012-05-18 09:41:39 172032 ----a-w- c:\windows\system32\AniGIF.ocx

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 13:23:07.98 ===============

Attach LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/26/2007 5:53:17 PM

System Uptime: 8/10/2012 7:58:31 AM (6 hours ago)

.

Motherboard: | |

Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2926/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 145 GiB total, 10.238 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 1.672 GiB free.

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP140: 6/21/2012 11:11:54 PM - System Checkpoint

RP141: 6/23/2012 12:02:19 AM - System Checkpoint

RP142: 6/23/2012 3:00:20 AM - Software Distribution Service 3.0

RP143: 6/25/2012 12:31:58 AM - System Checkpoint

RP144: 6/28/2012 3:03:22 AM - System Checkpoint

RP145: 6/29/2012 8:10:06 AM - System Checkpoint

RP146: 7/1/2012 11:59:19 PM - System Checkpoint

RP147: 7/3/2012 7:53:39 AM - System Checkpoint

RP148: 7/8/2012 11:07:58 PM - System Checkpoint

RP149: 7/11/2012 3:00:29 AM - Software Distribution Service 3.0

RP150: 7/12/2012 3:28:04 AM - System Checkpoint

RP151: 7/13/2012 6:10:41 AM - System Checkpoint

RP152: 7/14/2012 7:45:15 PM - System Checkpoint

RP153: 7/18/2012 12:16:04 AM - System Checkpoint

RP154: 7/19/2012 12:47:53 AM - System Checkpoint

RP155: 7/20/2012 1:43:17 AM - System Checkpoint

RP156: 7/21/2012 2:43:20 AM - System Checkpoint

RP157: 7/22/2012 3:43:17 AM - System Checkpoint

RP158: 7/23/2012 4:27:49 AM - System Checkpoint

RP159: 7/24/2012 5:27:15 AM - System Checkpoint

RP160: 7/25/2012 5:27:49 AM - System Checkpoint

RP161: 7/26/2012 6:45:42 AM - System Checkpoint

RP162: 7/27/2012 7:27:49 AM - System Checkpoint

RP163: 7/28/2012 10:12:55 PM - System Checkpoint

RP164: 7/29/2012 10:53:09 PM - System Checkpoint

RP165: 7/30/2012 11:28:07 PM - System Checkpoint

RP166: 8/1/2012 7:27:19 AM - System Checkpoint

RP167: 8/2/2012 4:25:38 PM - System Checkpoint

RP168: 8/5/2012 11:37:28 PM - System Checkpoint

RP169: 8/7/2012 12:23:24 AM - System Checkpoint

RP170: 8/7/2012 8:36:33 PM - Removed MediaFire Toolbar.

RP171: 8/7/2012 9:41:25 PM - avast! Free Antivirus Setup

RP172: 8/7/2012 9:56:30 PM - Software Distribution Service 3.0

RP173: 8/9/2012 12:21:56 AM - System Checkpoint

RP174: 8/10/2012 12:48:03 AM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Adobe Shockwave Player 11.5

AIO_Scan

Any Video Converter 3.3.8

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

AVS Update Manager 1.0

AVS Video Converter 8

AVS4YOU Software Navigator 1.4

BearShare

Best Buy Digital Music Store

BigFix

bitRipper

Bitser Beta

Bonjour

BufferChm

Build-a-lot - On Vacation

Build-a-lot - Town of the Year

Command & Conquer Generals

Compatibility Pack for the 2007 Office system

Copy

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Digital Media Reader

DJ_AIO_ProductContext

DJ_AIO_Software

DJ_AIO_Software_min

Download Accelerator Plus (DAP)

DownloadHQ

DVD Flick 1.3.0.7

eSupportQFolder

F2100

F2100_doccd

F2100_Help

Fast Break College Basketball 2010 Demo

Free Video Joiner 1.1

GearDrvs

getPlus®_ocx

Google Chrome

Google Update Helper

honestech VHS to DVD 4.0 HD

Hotel Mogul

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB954550-v5)

HP Customer Participation Program 9.0

HP Deskjet All-In-One Software 9.0

HP Imaging Device Functions 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

Imikimi Plugin

Info Center 1.0.0.7

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

iTunes

Java 2 Runtime Environment, SE v1.4.2

Java Auto Updater

Java 6 Update 31

JDownloader 0.9

Law & Order II: Double or Nothing

Learn2 Player (Uninstall Only)

Mall-A-Palooza

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

MediaFireDownloader

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2005

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Nero BurnRights

Nero OEM

Norton PC Checkup

PowerDVD

PSSWCORE

QuickTime

RealPlayer Basic

Realtek AC'97 Audio

Rhapsody

Rhapsody Player Engine

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923689)

SendSpace Wizard

Shop for HP Supplies

Soft Data Fax Modem with SmartCP

SolutionCenter

SpeedBit Video Accelerator

SpeedBit Video Downloader

Spelling Dictionaries Support For Adobe Reader 9

Status

System Requirements Lab

System Requirements Lab CYRI

TEW2005

TEW2007

TEW2008

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

VideoToolkit01

Viewpoint Media Player

WebFldrs XP

WebReg

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

8/7/2012 9:52:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AMYSPRADLIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0636A51A-AB0C. The master browser is stopping or an election is being forced.

8/7/2012 8:57:33 PM, error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).

8/7/2012 8:13:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

8/7/2012 8:12:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/7/2012 8:11:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/7/2012 8:11:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/7/2012 8:00:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI

8/7/2012 7:58:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/5/2012 11:19:50 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

.

==== End Of File ===========================

RKreport

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 08/10/2012 13:30:11

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]

[SUSP PATH] soap0_wsdl.exe -- C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> KILLED [TermProc]

[SUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[SUSP PATH] ctfmon.lnk @Owner : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JB-00REA0 +++++

--- User ---

[MBR] d18c8c6e0630f96cb4dcb4fbb22da097

[BSP] 54f9e6ca60d01bfcbc4d84bacce4b7b4 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7727265 | Size: 148852 Mo

1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3773 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

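The DDS line `StartupFolder: ...\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe` reports only the shortcut's target, which is a legitimate Windows binary. The RogueKiller line reports the part that matters: the argument `C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe` that rundll32.exe is told to load. A Startup-folder shortcut is therefore only assessed once both its target path and its command-line arguments have been read out of the .lnk file. The Python script below is an added example and is not code from this thread or from DDS, RogueKiller or Malwarebytes: it parses the Shell Link (.lnk) binary format per MS-SHLLINK (header, LinkInfo local base path, and the StringData argument string) and applies three triage rules to each link: the target is a proxy-execution host such as rundll32.exe, the target or argument lies in a user-writable location, and the link is named after a Windows binary (ctfmon) that it does not actually launch. So that it runs offline, the two sample links are constructed inside the script by `build_lnk` from the paths quoted in the logs above rather than read from disk; that helper, the rule lists and the sample blobs are assumptions of the example, not captured files.

```python
"""Added example: parse Windows Shell Link (.lnk) files and triage Startup-folder
entries.  Not code from the forum thread or from DDS/RogueKiller/Malwarebytes.
Layout follows MS-SHLLINK; the sample links are constructed below (build_lnk)
from paths quoted in the thread's logs."""
import struct

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000C000000000000046")  # {00021401-...-46}, little-endian

# ShellLinkHeader.LinkFlags bits used here
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01  # LinkInfoFlags

# Triage rule data: assumptions of this example, not an authoritative list
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
               "cscript.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                 "\\application data\\", "\\appdata\\")
WINDOWS_BINARY_NAMES = {"ctfmon", "svchost", "explorer", "winlogon", "csrss", "lsass"}


def _cstr(data: bytes, off: int) -> str:
    """NUL-terminated ANSI string starting at off."""
    return data[off:data.index(b"\x00", off)].decode("cp1252")


def parse_lnk(data: bytes) -> dict:
    """Return target path, relative path, name and arguments from a .lnk blob."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = HEADER_SIZE
    info = {"target": "", "relative_path": "", "name": "", "arguments": ""}
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip the PIDL; the path is taken from LinkInfo
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:
        (li_size, _hdr, li_flags, _vol_off, base_off,
         _cnrl_off, suffix_off) = struct.unpack_from("<7I", data, pos)
        if li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:  # offsets are relative to LinkInfo start
            info["target"] = _cstr(data, pos + base_off) + _cstr(data, pos + suffix_off)
        pos += li_size

    def string_data() -> str:  # CountCharacters (2 bytes) + characters, no terminator
        nonlocal pos
        (n,) = struct.unpack_from("<H", data, pos)
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + n * width]
        pos += n * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252")

    # StringData structures appear in this fixed order, each only if its flag is set
    if flags & HAS_NAME:
        info["name"] = string_data()
    if flags & HAS_RELATIVE_PATH:
        info["relative_path"] = string_data()
    if flags & HAS_WORKING_DIR:
        string_data()
    if flags & HAS_ARGUMENTS:
        info["arguments"] = string_data()
    if flags & HAS_ICON_LOCATION:
        string_data()
    return info


def triage(lnk_name: str, info: dict) -> list:
    """Findings for one Startup-folder link; an empty list means nothing stood out."""
    target = (info["target"] or info["relative_path"]).lower()
    args = info["arguments"].lower()
    exe = target.rsplit("\\", 1)[-1]
    findings = []
    if exe in PROXY_HOSTS:
        findings.append(f"target {exe} is a proxy-execution host; the payload is in the arguments")
    hit = next((f for f in USER_WRITABLE if f in target or f in args), None)
    if hit:
        findings.append("target or argument lies in a user-writable location (" + hit.strip("\\") + ")")
    stem = lnk_name.lower()[:-4] if lnk_name.lower().endswith(".lnk") else lnk_name.lower()
    if stem in WINDOWS_BINARY_NAMES and exe != stem + ".exe":
        findings.append(f"link named after Windows binary {stem}.exe but launches {exe}")
    return findings


def build_lnk(target: str, arguments: str = "") -> bytes:
    """Construct a minimal .lnk (sample data for this example): LinkInfo with a
    local base path on a fixed drive plus an optional Unicode argument string."""
    flags = HAS_LINK_INFO | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # ARCHIVE attr, SW_SHOWNORMAL
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    vol_off = 28  # LinkInfoHeaderSize
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base)  # empty CommonPathSuffix follows
    link_info = struct.pack("<7I", suffix_off + 1, 28, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            vol_off, base_off, 0, suffix_off) + volume_id + base + b"\x00"
    blob = header + link_info
    if arguments:
        blob += struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return blob


# Constructed samples: the first mirrors the thread's RogueKiller line for ctfmon.lnk,
# the second the HP entry from the All Users Startup folder in the DDS log.
SAMPLES = {
    "ctfmon.lnk": build_lnk("C:\\WINDOWS\\system32\\rundll32.exe",
                            "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\soap0_wsdl.exe"),
    "hpdigi~1.lnk": build_lnk("C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"),
}


def scan_samples() -> dict:
    """Parse and triage every sample; maps link name -> list of findings."""
    return {name: triage(name, parse_lnk(blob)) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {'; '.join(findings) or 'no findings'}")
```

On a live system the same `parse_lnk` can be run over every *.lnk in both Startup folders (the per-user one under Documents and Settings\<user>\Start Menu\Programs\Startup and the All Users one). A link whose target is rundll32.exe with an argument under Temp is the one to submit for analysis, and deleting only the .lnk while the process it points at is still running is consistent with the link reappearing after each Malwarebytes removal, which is why RogueKiller terminates soap0_wsdl.exe before anything else.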

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I'm not sure if ComboFix finished running. I had it up for almost 2 hours; the progress bar across the top never did go all the way across, it stopped halfway.

ComboFix 11-12-15.02 - Owner 12/15/2011 18:26:59.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.486 [GMT -5:00]

Running from: c:\techtools\ComboFix.exe

AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\WINDOWS

c:\documents and settings\Takeela\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

D:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))

.

.

2011-12-15 22:46 . 2011-12-15 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-15 22:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-15 22:30 . 2011-12-15 22:31 -------- d-----w- C:\TechTools

2011-12-15 22:28 . 2011-12-15 22:28 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2011-12-15 22:24 . 2011-12-15 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-12-15 21:20 . 2011-12-15 21:21 -------- d-----w- c:\documents and settings\Administrator

2011-12-15 04:20 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-12-15 04:20 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-12-15 04:20 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-12-13 20:28 . 2011-12-13 20:28 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE

2011-12-13 15:00 . 2011-12-13 15:00 -------- d-sh--w- c:\documents and settings\Owner\IETldCache

2011-12-13 14:36 . 2011-12-13 14:38 -------- dc-h--w- c:\windows\ie8

2011-12-09 17:10 . 2011-12-13 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ETTB

2011-12-09 17:03 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-12-09 17:03 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-12-09 17:03 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-12-09 17:03 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-04 17:42 . 2011-12-15 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2011-12-04 17:42 . 2011-12-04 17:43 -------- d-----w- c:\program files\PCPitstop

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-15 23:13 . 2011-06-09 01:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:24 . 2011-11-04 11:24 1409 ----a-w- c:\windows\QTFont.for

2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-11-23 02:06 . 2011-10-13 11:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-04-17 07:44 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]

2008-04-29 23:50 650680 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1047.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED

BigFix.lnk - c:\program files\BigFix\BigFix.exe [2007-4-26 2348584]

run_startmenu.cmd [2004-10-11 45]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearSharePersonalization]

2008-04-29 23:50 1251768 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalization.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center]

2011-09-26 17:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]

2011-10-26 16:42 325280 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PCPitstop Scheduling"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/13/2011 3:28 AM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/13/2011 3:28 AM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 8:57 PM 819320]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/13/2011 3:28 AM 136312]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/12/2008 10:51 PM 2560]

R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/13/2011 3:28 AM 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/9/2009 9:54 PM 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/9/2009 9:54 PM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 6:27 AM 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 9:15 PM 356280]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/4/2011 12:42 PM 91816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54]

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54]

.

2007-04-26 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

2007-04-26 c:\windows\Tasks\ISP signup reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vs4ln1ej.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-15 18:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]

"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,

c2

"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,

76,64,10,04,f0,92,77,f9,20

"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,

07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d

.

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\0ECC3A43B9416605BEB3AE7E61B07718]

"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,

1a,42,2c,55,e0,34,81,ae,ca

"2"=hex:ff,46,a9,cd,53,d2,ef,98

"3"=hex:7a,df,d5,4c,57,ae,df,52,45,12,ef,74,0e,81,42,21,d4,1c,0f,64,a2,89,b4,

0d,9a,3d,ad,bd,91,54,13,86,71,a9,24,13,8f,26,dd,dc,3c,ad,c8,64,9e,27,1b,2b,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,

1a,a6,9a,22,80,3b,be,a2,ab,0f,c9,d8,50,26,f2,97,29,00,1d,dc,11,71,88,89,5e,\

"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,

d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\

"8"=hex:63,5a,d7,1b,b1,d4,18,46,0a,a7,b3,1c,99,c8,a4,fc,b2,a0,c4,0f,9f,bf,5f,

2d,98,42,c1,23,08,65,81,7e,37,62,bf,dc,f3,71,e2,a0

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:4b,72,8f,bc,6c,3f,e4,15

"10"=hex:81,20,8f,ab,28,6a,52,9c

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:ef,75,97,fd,82,af,ad,38,06,46,3e,0c,eb,80,ea,c5,cf,e8,34,1f,86,30,bb,

80,a7,73,39,43,0a,92,37,98,2c,8a,2d,c4,2b,32,ba,d2,27,d7,cc,cf,4d,ad,fe,0a,\

"13"=hex:a2,c8,03,1d,e8,4d,1d,93,50,ca,cf,49,25,90,fd,e0,7f,10,80,4a,52,41,7f,

8f

"14"=hex:b9,fb,ea,14,55,b7,5a,f0

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:56,47,2e,66,99,1b,a5,d3,fc,7b,e6,60,ef,99,e5,85

"22"=hex:81,20,8f,ab,28,6a,52,9c

"15"=hex:6f,57,5e,0f,ea,60,68,3a,05,4b,2f,25,ac,de,6c,11,53,6c,8f,45,c5,1c,6c,

20,b3,52,3a,62,9d,12,59,4a,04,36,85,a4,07,60,c8,cb,f8,54,94,6a,49,45,ad,05,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(664)

c:\windows\system32\sxs.dll

.

- - - - - - - > 'explorer.exe'(3412)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2011-12-15 18:46:15 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-15 23:46

.

Pre-Run: 120,053,075,968 bytes free

Post-Run: 120,299,216,896 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - D354E92F157A8E60DA3D5CDDEEAAE1E7


Mr. C,

Everything seems to be running fine. I can connect and surf the internet using Explorer; however, Firefox doesn't seem to have the files needed to run now. Do you think it would be okay to reinstall Firefox?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: YOUR-14B55A8A15 [administrator]

8/10/2012 8:04:46 PM

mbam-log-2012-08-10 (20-04-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228500

Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\Owner\Local Settings\temp\soap0_wsdl.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

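The MBAM log above shows the pattern worth recognising in this kind of infection: a shortcut in the user's Startup folder (ctfmon.lnk, named after a legitimate Windows component) alongside a dropped executable in Local Settings\temp, so the payload is re-launched at every logon until both are gone. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses the MS-SHLLINK (.lnk) format directly, without the Windows shell, and flags Startup shortcuts whose target executes from a temp directory. The shortcut contents are constructed fixtures; the thread does not say what ctfmon.lnk actually pointed to, so pairing it with soap0_wsdl.exe is an assumption made for the demonstration.

```python
"""Audit Windows Startup-folder shortcuts (.lnk, MS-SHLLINK format) for
targets that run from a temp directory, the persistence pattern seen in
the MBAM log above.  Added example; the fixtures below are constructed."""
import struct
import sys
from pathlib import Path

# LinkFlags bits from the shell link header (MS-SHLLINK section 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01   # LinkInfoFlags bit
STRING_DATA = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
               ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
               ("icon_location", HAS_ICON_LOCATION))
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_lnk(data: bytes) -> dict:
    """Return the target path and StringData fields of a shell link."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a shell link file")
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:            # skip the ITEMIDLIST
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    local_base_path = None
    if flags & HAS_LINK_INFO:                       # absolute path lives here
        info_size, _hdr, info_flags, _vol_off, base_off = struct.unpack_from("<IIIII", data, pos)
        if info_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            start = pos + base_off
            local_base_path = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += info_size
    fields = {}
    for name, bit in STRING_DATA:                   # fixed order per spec
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, pos)
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += count * width
    fields["target"] = local_base_path or fields.get("relative_path")
    return fields


def is_suspicious_startup_shortcut(data: bytes) -> bool:
    """Flag a shortcut whose target executes from a temp directory."""
    target = (parse_lnk(data)["target"] or "").lower()
    return any(marker in target for marker in TEMP_MARKERS)


def build_lnk(target: str, arguments: str = "", working_dir: str = "") -> bytes:
    """Construct a minimal shell link for testing (not a Windows-made file)."""
    flags = HAS_LINK_INFO | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 17, 3, 0, 16) + b"\x00"  # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    base_off = 0x1C + len(volume_id)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            0x1C, base_off, 0, suffix_off) + volume_id + base + b"\x00"

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + link_info + string_data(working_dir) + string_data(arguments) + b"\x00" * 4


def audit_shortcuts(shortcuts: dict) -> dict:
    """Map shortcut name -> {'target': ..., 'suspicious': bool}."""
    return {name: {"target": parse_lnk(data)["target"],
                   "suspicious": is_suspicious_startup_shortcut(data)}
            for name, data in shortcuts.items()}


# Constructed fixtures: the thread does not state what ctfmon.lnk pointed at,
# so pairing it with the Temp-folder dropper is an assumption for this demo.
FIXTURES = {
    "ctfmon.lnk": build_lnk(r"C:\Documents and Settings\Owner\Local Settings\Temp\soap0_wsdl.exe",
                            working_dir=r"C:\Documents and Settings\Owner\Local Settings\Temp"),
    "HP Digital Imaging Monitor.lnk": build_lnk(r"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # audit a real Startup folder
        shortcuts = {p.name: p.read_bytes() for p in Path(sys.argv[1]).glob("*.lnk")}
    else:
        shortcuts = FIXTURES
    for name, result in audit_shortcuts(shortcuts).items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} {name} -> {result['target']}")
```

Run it with a Startup folder path as its only argument to audit real shortcuts, or with no argument to audit the constructed fixtures. The target is taken from LinkInfo's LocalBasePath rather than the optional RelativePath string because LocalBasePath is the absolute path recorded when the shortcut was created; a shortcut that carries neither is itself worth a look.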

Yes, reinstall it.

If everything else is OK.........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
