Jump to content

is there a way to determine what program is sending data?


Recommended Posts

A few months ago my credit card company blocked a suspicious charge from France (I live in the USA and have never been to France). This seems to coincide with the installation of an anonymous IP program used to post on forums, which I quickly deinstalled. A few days ago I noticed that MBAM has been blocking access to 213.186.33.17 which is reported to be a malicious address hosted by OVH in France. These accesses occurred when both of us were sleeping. My wireless router is congifured not to broadcast the SSID and has a WEP password, so I don't think anyone is using my internet connection. I ran a full MBAM and ESET scan, but found nothing. Is there a way to easily determine what program is trying to send data to this address? If not, I'll probably do a fresh install of XP. Thanks.

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37

Run by lapuser at 11:34:50 on 2013-01-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2544 [GMT -6:00]

.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Linksys\WUSBF54G\NICServ.exe

C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\sstray.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ClipCache\clipc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sync-It\syncit.exe

C:\Program Files\Sierra\Planner\PLNRnote.exe

C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ClipCache] c:\program files\clipcache\clipc.exe /wait 3

uRun: [Google Update] "c:\documents and settings\lapuser\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe

uRun: [sync-It] c:\program files\sync-it\syncit.exe -hide

mRun: [nForce Tray Options] sstray.exe /r

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [screenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup

mRun: [GhostStartTrayApp] c:\program files\norton systemworks\norton ghost\GhostStartTrayApp.exe

mRun: [PowerPanel Personal Edition User Interaction] c:\program files\cyberpower powerpanel personal edition\pppeuser.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\sierra\planner\PLNRnote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264260089984

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259980881330

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{23BC248E-6146-447B-8297-63ACBBB01694} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{647E3AFE-E0F8-4166-A493-CF28646BD326} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{65B24B72-1A91-4890-BAF8-865C18333F7B} : DHCPNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\qualcomm\eudora\EuShlExt.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\lapuser\application data\mozilla\firefox\profiles\pw90jd91.default\

FF - plugin: c:\documents and settings\lapuser\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\lapuser\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: !HIDDEN! 2009-07-15 20:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2007-7-28 54872]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]

R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2002-8-14 5632]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-19 21992]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 682344]

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-4-11 530432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 21104]

R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\ZD1211BU.sys [2009-4-11 402432]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-12-10 16:46:54 -------- d-----w- c:\program files\Hide My IP

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 18:31:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 18:31:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 09:50:57 33304 ----a-r- c:\windows\system32\drivers\tap0901.sys

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 11:35:01.05 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/10/2009 12:01:27 PM

System Uptime: 1/1/2013 10:18:44 AM (1 hours ago)

.

Motherboard: ASRock | | AOD790GX/128M

Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | CPUSocket | 2893/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 910.475 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 279 GiB total, 246.651 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 5.0 Limited Edition

Adobe Reader 9.5.2

Adobe Shockwave Player 11.5

AMD Processor Driver

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

Belarc Advisor 7.2

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ClipCache Plus 2.9 build 349

CPUID CPU-Z 1.57.1

CyberPower PowerPanel Personal Edition 1.2.4

DiscWizard for Windows

Easy Undelete 3.2

ESET NOD32 Antivirus

Eudora

Event Planner

Glary Undelete 1.2

Google Chrome

Hallmark Card Studio 2003

Hardware Doctor

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Java Auto Updater

Java 6 Update 37

Linksys Wireless Network Monitor

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Logitech Harmony Remote Software 7

Logitech MouseWare 9.79.1

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2000 SR-1 Standard

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton SystemWorks 2003

NVIDIA nForce Drivers

Opera 9.64

PhotoScape

Quicken WillMaker Plus 2005

QuickTime

RadarSync

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Remote Control USB Driver

ScreenPrint32 v3.5

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skins

Spelling Dictionaries Support For Adobe Reader 9

Sync-It with Atom 2.4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows XP Service Pack 3

Yahoo! BrowserPlus 2.7.1

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 8:59:39 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : lapuser [Admin rights]

Mode : Scan -- Date : 01/01/2013 11:41:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A377C90)

SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A378200)

SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A3782F0)

SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A377590)

SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A377800)

SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A377FD0)

SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (Unknown @ 0x8A3780E0)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A377EC0)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A377D90)

SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0x8A374DA0)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A377B90)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A377A80)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A3776E0)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A377A50)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A3786D0)

¤¤¤ Extern Hives: ¤¤¤

-> E:\windows\system32\config\SOFTWARE

-> E:\windows\system32\config\SYSTEM

-> E:\Documents and Settings\Default User\NTUSER.DAT

-> E:\Documents and Settings\lapuser\NTUSER.DAT

-> E:\Documents and Settings\LocalService\NTUSER.DAT

-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3300831AS +++++

--- User ---

[MBR] c8ceaa6ab5f66f71e5c31b97ef0fc295

[bSP] 02860470d975b30aea02ed2c216ba2a1 : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286168 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++

--- User ---

[MBR] b062596f42fd91b95c43a1e05382d5bc

[bSP] 0d17c3a6ae1fb8aca1211e7c013b48b2 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01012013_02d1141.txt >>

RKreport[1]_S_01012013_02d1141.txt

BTW I run with System Restore disabled. I have never used it and want to free up the disk space.

Link to post
Share on other sites

BTW I run with System Restore disabled. I have never used it and want to free up the disk space.

For now can you enable it and create new system restore point.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    clip.jpg
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.