windows updates fail after virus removed


Hello, I hope I'm in the right place -

Sent from PC help area .

Had Zero Access - Malwarebytes PRO found and removed it. I love Malwarebytes.

All scans since have been clean. ( AVG paid, too). and others.

However, since then -

Windows Updates Fail

Missing services - BITS and RPC ( for sure -maybe others).

FSS scan confirmed and is attached.

Chameleon scan attached

MBAM quick scan also attached

I don't know what I'm doing - and think I'm adding to the problems by trying to fix them.

Can you help ? Please. . .please I don't want to do clean install .. .

FSS.txt

protection-log-2012-08-26.txt

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

RK report

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : jill [Admin rights]

Mode : Scan -- Date : 08/27/2012 17:14:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250824AS +++++

--- User ---

[MBR] 778e7f63f7796c212b69e0fb6df5c717

[bSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 233609 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 478528155 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

As you can see you're still infected:

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{7ec38d52-1255-baad-c5a0-2432000ede72}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Documents and Settings\jill\Local Settings\Application Data\{7ec38d52-1255-baad-c5a0-2432000ede72}\L --> FOUND

Now click Delete on the right hand column under Options

Reboot and.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix 12-08-25.04 - jill 08/27/2012 18:28:33.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1332 [GMT -4:00]

Running from: c:\documents and settings\jill\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

COMBO FIX LOG - How're we doing ? Whewie, MrCharlie - that was scary - AVG disabled per instructs . still seen by Combo Fix. So I uninstalled AVG.

Here's the log . . . looks awful (to me)

OH Thank you so much - you won't believe this, but I just 'uninstalled Malwarebytes-

Long story - Cust Svc is working on 'unmerging' two different Subscriptions.

Thank You so much. . .BTW - had to reboot . and Win Patrol is asking if I want to accept changes to HOSTS files

I'm not sure which direction to go first or next LOL

Your Patience is much appreciated

Malwarebytes - LOG -

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.27.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

jill :: JILLD [administrator]

Protection: Disabled

8/27/2012 7:18:33 PM

mbam-log-2012-08-27 (19-18-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 250648

Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I do not see AVG anywhere - not in Add/Remove or anywhere - I uninstalled it ? ?

COMBO LOG

ComboFix 12-08-25.04 - jill 08/27/2012 20:10:15.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1398 [GMT -4:00]

Running from: c:\documents and settings\jill\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


2012-07-30 15:09 . 2012-07-30 15:10 -------- d-----w- C:\WINSSLog

2012-07-30 15:02 . 2012-07-30 15:02 -------- d-----w- c:\documents and settings\jill\Local Settings\Application Data\VS Revo Group

2012-07-30 15:02 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-07-30 15:02 . 2012-07-30 15:02 -------- d-----w- c:\program files\VS Revo Group

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 14:33 . 2011-06-13 21:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 02:06 . 2012-04-11 20:42 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:19 . 2005-08-16 09:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35 . 2005-08-16 09:40 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 21:35 . 2009-08-06 23:23 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2005-08-16 09:18 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2007-07-19 12:33 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2007-07-19 12:33 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2005-08-16 09:40 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2005-08-16 09:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2009-10-06 14:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2007-01-30 16:31 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2007-01-30 16:31 45080 ----a-w- c:\windows\system32\wups2(2).dll

2012-06-02 19:19 . 2005-08-16 09:40 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2005-08-16 09:40 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2005-08-16 09:18 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2007-07-19 12:33 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2005-08-16 09:40 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2005-08-16 09:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2012-06-28 21:27 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2012-05-09 11:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 16:25 . 2012-06-28 21:32 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32(2)(2).dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-27_22.35.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-27 23:36 . 2012-08-27 23:36 16384 c:\windows\Temp\Perflib_Perfdata_254.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2006-12-12 19456]

"CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2006-03-02 18944]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"NvMediaCenter"="NvMCTray.dll" [2007-09-17 81920]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^jill^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\jill\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

2012-07-13 01:30 384232 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2009 11:43 AM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/24/2011 4:45 PM 10448]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/27/2012 7:39 PM 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/1/2011 3:46 PM 2214504]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 40912]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 10448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/27/2012 7:39 PM 22344]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2010 7:04 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/9/2012 12:09 PM 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2010 7:04 PM 136176]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/30/2012 11:02 AM 27064]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpndrv.sys --> c:\windows\system32\DRIVERS\covpndrv.sys [?]

S4 SACODiskOptimizer;SACODiskOptimizer;c:\program files\Softarama\Captain Optimizer\SACODefragSrv.exe [4/1/2012 12:48 PM 239936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 14:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://thundercloud.net/start/index.htm

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: microsoft.com\www.update

Trusted Zone: thundercloud.net

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-27 20:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(720)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

- - - - - - - > 'explorer.exe'(248)

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-08-27 20:19:36

ComboFix-quarantined-files.txt 2012-08-28 00:19

ComboFix2.txt 2012-08-27 22:37

.

Pre-Run: 193,510,432,768 bytes free

Post-Run: 193,488,633,856 bytes free

.

- - End Of File - - BB801BA8FF556BE9BED44B3316782924

RK LOG

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : jill [Admin rights]

Mode : Remove -- Date : 08/27/2012 20:05:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250824AS +++++

--- User ---

[MBR] 778e7f63f7796c212b69e0fb6df5c717

[bSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 233609 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 478528155 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC


oogle.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x06000000040000000300000008000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

Fingers Crossed
