
detected pup.bundle and need to make sure it is gone



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/19/2011 4:04:22 PM

System Uptime: 8/29/2012 8:26:45 AM (2 hours ago)

.

Motherboard: Hewlett-Packard | | 30A1

Processor: Genuine Intel® CPU U2500 @ 1.20GHz | U10 | 1196/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 42.314 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetLink Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_30A1103C&REV_03\4&2EC23395&0&00F0

Manufacturer: Broadcom

Name: Broadcom NetLink Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_30A1103C&REV_03\4&2EC23395&0&00F0

Service: b57w2k

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A1103C&REV_00\4&2EC23395&0&4CF0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A1103C&REV_00\4&2EC23395&0&4CF0

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\IFX0102\4&28738126&0

Manufacturer:

Name:

PNP Device ID: ACPI\IFX0102\4&28738126&0

Service:

.

==== System Restore Points ===================

.

RP542: 8/10/2012 2:28:12 AM - System Checkpoint

RP543: 8/10/2012 7:40:41 AM - Software Distribution Service 3.0

RP544: 8/10/2012 7:15:04 PM - Restore Operation

RP545: 8/10/2012 7:35:55 PM - Software Distribution Service 3.0

RP546: 8/10/2012 9:28:10 PM - Restore Operation

RP547: 8/10/2012 9:45:22 PM - Restore Operation

RP548: 8/10/2012 10:57:32 PM - Restore Operation

RP549: 8/10/2012 11:39:40 PM - Software Distribution Service 3.0

RP550: 8/12/2012 12:02:15 AM - Software Distribution Service 3.0

RP551: 8/12/2012 7:21:21 AM - Software Distribution Service 3.0

RP552: 8/13/2012 9:03:11 AM - Software Distribution Service 3.0

RP553: 8/14/2012 9:58:57 AM - System Checkpoint

RP554: 8/14/2012 12:18:58 PM - Software Distribution Service 3.0

RP555: 8/15/2012 4:09:34 AM - Software Distribution Service 3.0

RP556: 8/15/2012 8:08:22 PM - Software Distribution Service 3.0

RP557: 8/17/2012 4:52:24 AM - Software Distribution Service 3.0

RP558: 8/18/2012 3:42:07 AM - Removed Java 6 Update 31

RP559: 8/18/2012 8:11:31 AM - Software Distribution Service 3.0

RP560: 8/19/2012 7:21:02 AM - Software Distribution Service 3.0

RP561: 8/20/2012 7:22:26 AM - System Checkpoint

RP562: 8/20/2012 9:27:21 AM - Software Distribution Service 3.0

RP563: 8/20/2012 9:29:52 AM - Restore Operation

RP564: 8/20/2012 9:44:50 AM - Software Distribution Service 3.0

RP565: 8/20/2012 10:01:20 AM - Software Distribution Service 3.0

RP566: 8/21/2012 11:30:18 AM - System Checkpoint

RP567: 8/21/2012 12:42:06 PM - Software Distribution Service 3.0

RP568: 8/22/2012 1:11:38 PM - System Checkpoint

RP569: 8/22/2012 7:21:48 PM - Software Distribution Service 3.0

RP570: 8/24/2012 5:14:02 AM - Software Distribution Service 3.0

RP571: 8/25/2012 6:14:43 AM - System Checkpoint

RP572: 8/25/2012 9:16:02 AM - Software Distribution Service 3.0

RP573: 8/26/2012 7:03:22 AM - Software Distribution Service 3.0

RP574: 8/27/2012 7:07:22 AM - System Checkpoint

RP575: 8/27/2012 12:19:17 PM - Software Distribution Service 3.0

RP576: 8/28/2012 1:06:36 PM - Software Distribution Service 3.0

RP577: 8/28/2012 1:23:49 PM - Software Distribution Service 3.0

RP578: 8/28/2012 1:38:22 PM - Restore Operation

RP579: 8/28/2012 1:40:28 PM - Restore Operation

RP580: 8/28/2012 1:54:57 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

ArcSoft MediaImpression

Broadcom 802.11 Wireless LAN Adapter

Broadcom NetXtreme Ethernet Controller

CCleaner

Compatibility Pack for the 2007 Office system

Defraggler

Game Booster 3

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

HitmanPro 3.6

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

HP BIOS Configuration for ProtectTools 2.00 D1

HP Product Detection

HP ProtectTools Security Manager

HP Smart Card Security for ProtectTools 5.00 D4

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Application Error Reporting

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pale Moon 15.0 (x86 en-US)

Perfect Uninstaller v6.3.3.9

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Sonic Data Module

SoundMAX

Speccy

swMSM

System Requirements Lab for Intel

Tweak UI

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Internet Explorer 8

.

==== Event Viewer Messages From Past Week ========

.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Brett at 10:05:40 on 2012-08-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.252 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\HitmanPro\hmpsched.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Pale Moon\palemoon.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Road Runner High Speed Online

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: wgt.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1305857833387

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306178552125

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{171D3E61-6500-42E5-AB2A-3FCA42DA85B9} : DhcpNameServer = 192.168.0.1

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 MpKsl20f84d1a;MpKsl20f84d1a;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c0f71f07-f70e-4464-986b-95e7abcdf4a8}\MpKsl20f84d1a.sys [2012-8-29 29904]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-8-14 105832]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-29 655944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-29 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-29 40776]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-5-23 6609920]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-8 250568]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-8-28 14416]

S3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver;c:\windows\system32\drivers\WPC54GSv1.SYS [2006-11-30 610816]

.

=============== Created Last 30 ================

.

2012-08-29 12:40:06 29904 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c0f71f07-f70e-4464-986b-95e7abcdf4a8}\MpKsl20f84d1a.sys

2012-08-29 12:28:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-28 17:56:08 7022536 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c0f71f07-f70e-4464-986b-95e7abcdf4a8}\mpengine.dll

2012-08-28 17:44:04 7023536 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-28 17:42:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-08-28 17:42:38 -------- d-----w- c:\windows\system32\wbem\Repository

2012-08-28 17:41:41 -------- d-----w- c:\program files\ffdshow

2012-08-28 17:36:03 -------- d-----w- c:\program files\IObit

2012-08-28 17:36:03 -------- d-----w- c:\documents and settings\all users.windows\application data\IObit

2012-08-28 17:36:02 -------- d-----w- c:\documents and settings\brett\local settings\application data\Zoom_Downloader

2012-08-28 17:24:14 -------- d-----w- C:\ca00d1c6117f5e18debd62

2012-08-28 17:24:04 -------- d-----w- C:\9b51133a67da6252d6ec4129

2012-08-28 11:02:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-08-28 11:02:03 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-08-28 11:02:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-08-28 11:02:01 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-08-26 19:57:32 -------- d-----w- c:\program files\Speccy

2012-08-14 20:24:44 -------- d-----w- c:\program files\HitmanPro

2012-08-14 20:07:21 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-14 19:59:20 -------- d-----w- c:\documents and settings\all users.windows\application data\HitmanPro

2012-07-31 12:58:57 266360 ----a-w- c:\windows\system32\TweakUI.exe

.

==================== Find3M ====================

.

2012-08-22 07:50:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-22 07:50:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-05 16:44:25 558133 ----a-w- c:\windows\system32\sqlite3.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

.

============= FINISH: 10:08:11.23 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.31.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Brett :: PATRIOTS [administrator]

Protection: Enabled

8/31/2012 5:44:04 AM

mbam-log-2012-08-31 (05-44-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 290113

Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Going to do the rest now.


ComboFix 12-08-30.05 - Brett 08/31/2012 6:11.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

Running from: c:\documents and settings\Brett\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

C:\install.exe

c:\windows\system32\Cache

c:\windows\system32\sqlite3.dll

c:\windows\system32\URTTemp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))

.

.

2012-08-31 10:02 . 2012-08-31 10:02 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FDA6949-C924-4168-A1DB-30334A47633F}\MpKsl19e31ca4.sys

2012-08-31 08:38 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FDA6949-C924-4168-A1DB-30334A47633F}\mpengine.dll

2012-08-30 01:17 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-28 17:42 . 2012-08-28 17:42 -------- d-----w- c:\windows\system32\wbem\Repository

2012-08-28 17:41 . 2012-08-29 13:40 -------- d-----w- c:\program files\ffdshow

2012-08-28 17:36 . 2012-08-28 17:36 -------- d-----w- c:\program files\IObit

2012-08-28 17:36 . 2012-08-28 17:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit

2012-08-28 17:36 . 2012-08-28 17:36 -------- d-----w- c:\documents and settings\Brett\Local Settings\Application Data\Zoom_Downloader

2012-08-28 17:24 . 2012-08-28 17:41 -------- d-----w- C:\ca00d1c6117f5e18debd62

2012-08-28 17:24 . 2012-08-28 17:41 -------- d-----w- C:\9b51133a67da6252d6ec4129

2012-08-28 11:02 . 2011-11-08 14:18 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-08-28 11:02 . 2011-11-08 14:18 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-08-28 11:02 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-08-28 11:02 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-08-26 19:57 . 2012-08-26 19:57 -------- d-----w- c:\program files\Speccy

2012-08-14 20:24 . 2012-08-20 14:13 -------- d-----w- c:\program files\HitmanPro

2012-08-14 20:07 . 2012-08-14 20:07 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-14 19:59 . 2012-08-14 20:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-22 07:50 . 2012-07-08 10:52 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-22 07:50 . 2012-07-08 10:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2008-08-21 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2011-05-19 19:52 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46 . 2012-05-30 00:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2008-08-21 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2008-08-21 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2008-08-21 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2008-08-21 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2008-08-21 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50 . 2008-08-21 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-08-21 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-08-21 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2011-05-20 02:17 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2011-05-20 02:17 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2011-05-19 19:55 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2011-05-19 19:55 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2011-05-19 19:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2011-05-20 02:17 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2011-05-20 02:17 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2011-05-19 19:55 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2011-05-19 19:55 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2008-08-21 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2011-05-20 02:17 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2011-05-19 19:55 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2011-05-19 19:55 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2011-05-24 11:15 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2011-05-24 11:15 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-14 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-08-21 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 MpKsl19e31ca4;MpKsl19e31ca4;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FDA6949-C924-4168-A1DB-30334A47633F}\MpKsl19e31ca4.sys [8/31/2012 6:02 AM 29904]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2012 8:20 PM 655944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2012 8:20 PM 22344]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [5/23/2011 1:06 PM 6609920]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:28 PM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/8/2012 6:52 AM 250568]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:28 PM 135664]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [8/28/2012 7:01 AM 14416]

S3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver;c:\windows\system32\drivers\WPC54GSv1.SYS [11/30/2006 11:54 PM 610816]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL19E31CA4

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 07:50]

.

2012-08-30 c:\windows\Tasks\Game_Booster_AutoUpdate.job

- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-08-28 15:21]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:28]

.

2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:28]

.

2012-08-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]

.

.

------- Supplementary Scan -------

.

Trusted Zone: wgt.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-31 06:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-08-31 06:23:18

ComboFix-quarantined-files.txt 2012-08-31 10:23

.

Pre-Run: 45,240,823,808 bytes free

Post-Run: 45,389,762,560 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 36F43513D99F86C122983EE7B2EF186E

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/19/2011 4:04:22 PM

System Uptime: 8/30/2012 10:16:54 PM (8 hours ago)

.

Motherboard: Hewlett-Packard | | 30A1

Processor: Genuine Intel® CPU U2500 @ 1.20GHz | U10 | 1196/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 42.3 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A1103C&REV_00\4&2EC23395&0&4CF0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A1103C&REV_00\4&2EC23395&0&4CF0

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetLink Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_30A1103C&REV_03\4&2EC23395&0&00F0

Manufacturer: Broadcom

Name: Broadcom NetLink Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_30A1103C&REV_03\4&2EC23395&0&00F0

Service: b57w2k

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\IFX0102\4&28738126&0

Manufacturer:

Name:

PNP Device ID: ACPI\IFX0102\4&28738126&0

Service:

.

==== System Restore Points ===================

.

RP542: 8/10/2012 2:28:12 AM - System Checkpoint

RP543: 8/10/2012 7:40:41 AM - Software Distribution Service 3.0

RP544: 8/10/2012 7:15:04 PM - Restore Operation

RP545: 8/10/2012 7:35:55 PM - Software Distribution Service 3.0

RP546: 8/10/2012 9:28:10 PM - Restore Operation

RP547: 8/10/2012 9:45:22 PM - Restore Operation

RP548: 8/10/2012 10:57:32 PM - Restore Operation

RP549: 8/10/2012 11:39:40 PM - Software Distribution Service 3.0

RP550: 8/12/2012 12:02:15 AM - Software Distribution Service 3.0

RP551: 8/12/2012 7:21:21 AM - Software Distribution Service 3.0

RP552: 8/13/2012 9:03:11 AM - Software Distribution Service 3.0

RP553: 8/14/2012 9:58:57 AM - System Checkpoint

RP554: 8/14/2012 12:18:58 PM - Software Distribution Service 3.0

RP555: 8/15/2012 4:09:34 AM - Software Distribution Service 3.0

RP556: 8/15/2012 8:08:22 PM - Software Distribution Service 3.0

RP557: 8/17/2012 4:52:24 AM - Software Distribution Service 3.0

RP558: 8/18/2012 3:42:07 AM - Removed Java 6 Update 31

RP559: 8/18/2012 8:11:31 AM - Software Distribution Service 3.0

RP560: 8/19/2012 7:21:02 AM - Software Distribution Service 3.0

RP561: 8/20/2012 7:22:26 AM - System Checkpoint

RP562: 8/20/2012 9:27:21 AM - Software Distribution Service 3.0

RP563: 8/20/2012 9:29:52 AM - Restore Operation

RP564: 8/20/2012 9:44:50 AM - Software Distribution Service 3.0

RP565: 8/20/2012 10:01:20 AM - Software Distribution Service 3.0

RP566: 8/21/2012 11:30:18 AM - System Checkpoint

RP567: 8/21/2012 12:42:06 PM - Software Distribution Service 3.0

RP568: 8/22/2012 1:11:38 PM - System Checkpoint

RP569: 8/22/2012 7:21:48 PM - Software Distribution Service 3.0

RP570: 8/24/2012 5:14:02 AM - Software Distribution Service 3.0

RP571: 8/25/2012 6:14:43 AM - System Checkpoint

RP572: 8/25/2012 9:16:02 AM - Software Distribution Service 3.0

RP573: 8/26/2012 7:03:22 AM - Software Distribution Service 3.0

RP574: 8/27/2012 7:07:22 AM - System Checkpoint

RP575: 8/27/2012 12:19:17 PM - Software Distribution Service 3.0

RP576: 8/28/2012 1:06:36 PM - Software Distribution Service 3.0

RP577: 8/28/2012 1:23:49 PM - Software Distribution Service 3.0

RP578: 8/28/2012 1:38:22 PM - Restore Operation

RP579: 8/28/2012 1:40:28 PM - Restore Operation

RP580: 8/28/2012 1:54:57 PM - Software Distribution Service 3.0

RP581: 8/29/2012 9:16:59 PM - Software Distribution Service 3.0

RP582: 8/31/2012 4:38:13 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

ArcSoft MediaImpression

Broadcom 802.11 Wireless LAN Adapter

Broadcom NetXtreme Ethernet Controller

CCleaner

Compatibility Pack for the 2007 Office system

Defraggler

Game Booster 3

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

HitmanPro 3.6

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

HP BIOS Configuration for ProtectTools 2.00 D1

HP Product Detection

HP ProtectTools Security Manager

HP Smart Card Security for ProtectTools 5.00 D4

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Application Error Reporting

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pale Moon 15.0 (x86 en-US)

Perfect Uninstaller v6.3.3.9

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Sonic Data Module

SoundMAX

Speccy

swMSM

System Requirements Lab for Intel

Tweak UI

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Internet Explorer 8

.

==== Event Viewer Messages From Past Week ========

.

8/31/2012 6:13:37 AM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 2 time(s).

8/31/2012 6:13:37 AM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 2 time(s).

8/31/2012 6:13:37 AM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.

8/31/2012 6:11:09 AM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s).

8/31/2012 6:11:09 AM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 1 time(s).

8/31/2012 6:11:09 AM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.

8/29/2012 9:02:59 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

8/29/2012 9:02:39 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).

8/29/2012 8:27:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

8/29/2012 4:18:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

8/28/2012 1:44:04 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.133.458.0;1.133.458.0 Engine version: 1.1.8703.0

8/25/2012 3:05:48 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0019D260A981 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Brett at 6:26:34 on 2012-08-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.271 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\IObit\Game Booster 3\gbtray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Pale Moon\palemoon.exe

C:\Program Files\Pale Moon\plugin-container.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: wgt.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1305857833387

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306178552125

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{171D3E61-6500-42E5-AB2A-3FCA42DA85B9} : DhcpNameServer = 192.168.0.1

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-29 655944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-29 22344]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-5-23 6609920]

RUnknown MpKsl5246e710;MpKsl5246e710; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-8 250568]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-8-28 14416]

S3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver;c:\windows\system32\drivers\WPC54GSv1.SYS [2006-11-30 610816]

.

=============== Created Last 30 ================

.

2012-08-31 10:24:21 7022536 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b57899b3-a2ac-448e-b0f6-a252a6fd86e6}\mpengine.dll

2012-08-31 10:09:20 -------- d-sha-r- C:\cmdcons

2012-08-31 10:05:48 98816 ----a-w- c:\windows\sed.exe

2012-08-31 10:05:48 518144 ----a-w- c:\windows\SWREG.exe

2012-08-31 10:05:48 256000 ----a-w- c:\windows\PEV.exe

2012-08-31 10:05:48 208896 ----a-w- c:\windows\MBR.exe

2012-08-30 01:17:12 7022536 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-28 17:42:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-08-28 17:42:38 -------- d-----w- c:\windows\system32\wbem\Repository

2012-08-28 17:41:41 -------- d-----w- c:\program files\ffdshow

2012-08-28 17:36:03 -------- d-----w- c:\program files\IObit

2012-08-28 17:36:03 -------- d-----w- c:\documents and settings\all users.windows\application data\IObit

2012-08-28 17:36:02 -------- d-----w- c:\documents and settings\brett\local settings\application data\Zoom_Downloader

2012-08-28 17:24:14 -------- d-----w- C:\ca00d1c6117f5e18debd62

2012-08-28 17:24:04 -------- d-----w- C:\9b51133a67da6252d6ec4129

2012-08-28 11:02:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-08-28 11:02:03 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-08-28 11:02:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-08-28 11:02:01 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-08-26 19:57:32 -------- d-----w- c:\program files\Speccy

2012-08-14 20:24:44 -------- d-----w- c:\program files\HitmanPro

2012-08-14 20:07:21 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-14 19:59:20 -------- d-----w- c:\documents and settings\all users.windows\application data\HitmanPro

.

==================== Find3M ====================

.

2012-08-22 07:50:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-22 07:50:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

.

============= FINISH: 6:27:04.51 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • Staff

Hi,

Great news!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.