Jump to content

Malwarebytes

Trojan.Ransom.Gen

- - - - -
Started by fullhouse, Aug 10 2012 09:14 AM


10 replies to this topic

#1
fullhouse
Posted 10 August 2012 - 09:14 AM

    New Member

  • Members
  • Pip
  • 5 posts
I've got a Trojan.Ransom.Gen on my PC. I ran avast quick scan and boot scan and then Malwarebytes all three removed a virus. Everything worked fine for about a day, we could surf the net as normal. Yesterday after turning the PC back on the virus was back. I get the your computer is blocked unless you pay $200 message, only when I'm connected to the internet, if I pull the connection from my modem, then everything works fine.

However, now I run avast and it doesnt find anything. I use Malwarebytes and it detects the Trojan.Ransom.Gen and I removed it. However it immediately returns. I can run a Malwarebytes quick scan and remove the trojan and then run it again and it will detect the same thing again.

The file that it names is:
C:\Document and Settings\Owners\Startmenu\Programs\Start up\ctfmon.lnk

Any help on what I should or can do, before I go pay $95 for a tech specialist to remove it?

#2
MrCharlie
Posted 10 August 2012 - 09:20 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,328 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3
fullhouse
Posted 10 August 2012 - 09:42 AM

    New Member

  • Members
  • Pip
  • 5 posts
I cant access the internet. When I'm connected to the modem, i get the message that my computer is block and it covers the whole screen. All I can do at that point is turn off the PC. Can I possible download RogueKiller to a flash drive from another computer and then install it to my desktop?

#4
MrCharlie
Posted 10 August 2012 - 09:50 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,328 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes, please do that....MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5
fullhouse
Posted 10 August 2012 - 01:32 PM

    New Member

  • Members
  • Pip
  • 5 posts
DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Owner at 13:22:05 on 2012-08-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1535 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DownloadHQ\downloadhq.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1047.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [downloadhq] "c:\program files\downloadhq\downloadhq.exe" -h
uRun: [DownloadAccelerator] "j:\program files\dap\DAP.exe" /STARTUP
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
Trusted Zone: google.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182133496453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vs4ln1ej.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-7 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-7 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-7 44808]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-10-12 2560]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-5-26 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-18 129976]
S3 TridVid;USB2.0 VIDBOX NM;c:\windows\system32\drivers\TridVid.sys [2011-12-26 201216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-08 01:42:31 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-08 01:41:59 41224 ----a-w- c:\windows\avastSS.scr
2012-08-08 01:41:25 -------- d-----w- c:\program files\AVAST Software
2012-08-08 01:41:25 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-08 00:58:13 -------- d-s---w- C:\ComboFix
2012-07-19 03:17:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-19 03:17:03 19384 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-07-19 03:17:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-07-19 03:17:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-07-19 03:17:01 125880 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
.
==================== Find3M ====================
.
2012-08-10 13:14:49 1529 --sha-w- c:\windows\system32\mmf.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 04:33:01 1409 ----a-w- c:\windows\QTFont.for
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 09:41:40 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-05-18 09:41:40 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-05-18 09:41:39 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 13:23:07.98 ===============

Attach LOG


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2007 5:53:17 PM
System Uptime: 8/10/2012 7:58:31 AM (6 hours ago)
.
Motherboard: | |
Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 10.238 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.672 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 6/21/2012 11:11:54 PM - System Checkpoint
RP141: 6/23/2012 12:02:19 AM - System Checkpoint
RP142: 6/23/2012 3:00:20 AM - Software Distribution Service 3.0
RP143: 6/25/2012 12:31:58 AM - System Checkpoint
RP144: 6/28/2012 3:03:22 AM - System Checkpoint
RP145: 6/29/2012 8:10:06 AM - System Checkpoint
RP146: 7/1/2012 11:59:19 PM - System Checkpoint
RP147: 7/3/2012 7:53:39 AM - System Checkpoint
RP148: 7/8/2012 11:07:58 PM - System Checkpoint
RP149: 7/11/2012 3:00:29 AM - Software Distribution Service 3.0
RP150: 7/12/2012 3:28:04 AM - System Checkpoint
RP151: 7/13/2012 6:10:41 AM - System Checkpoint
RP152: 7/14/2012 7:45:15 PM - System Checkpoint
RP153: 7/18/2012 12:16:04 AM - System Checkpoint
RP154: 7/19/2012 12:47:53 AM - System Checkpoint
RP155: 7/20/2012 1:43:17 AM - System Checkpoint
RP156: 7/21/2012 2:43:20 AM - System Checkpoint
RP157: 7/22/2012 3:43:17 AM - System Checkpoint
RP158: 7/23/2012 4:27:49 AM - System Checkpoint
RP159: 7/24/2012 5:27:15 AM - System Checkpoint
RP160: 7/25/2012 5:27:49 AM - System Checkpoint
RP161: 7/26/2012 6:45:42 AM - System Checkpoint
RP162: 7/27/2012 7:27:49 AM - System Checkpoint
RP163: 7/28/2012 10:12:55 PM - System Checkpoint
RP164: 7/29/2012 10:53:09 PM - System Checkpoint
RP165: 7/30/2012 11:28:07 PM - System Checkpoint
RP166: 8/1/2012 7:27:19 AM - System Checkpoint
RP167: 8/2/2012 4:25:38 PM - System Checkpoint
RP168: 8/5/2012 11:37:28 PM - System Checkpoint
RP169: 8/7/2012 12:23:24 AM - System Checkpoint
RP170: 8/7/2012 8:36:33 PM - Removed MediaFire Toolbar.
RP171: 8/7/2012 9:41:25 PM - avast! Free Antivirus Setup
RP172: 8/7/2012 9:56:30 PM - Software Distribution Service 3.0
RP173: 8/9/2012 12:21:56 AM - System Checkpoint
RP174: 8/10/2012 12:48:03 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
AIO_Scan
Any Video Converter 3.3.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
BearShare
Best Buy Digital Music Store
BigFix
bitRipper
Bitser Beta
Bonjour
BufferChm
Build-a-lot - On Vacation
Build-a-lot - Town of the Year
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Media Reader
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Download Accelerator Plus (DAP)
DownloadHQ
DVD Flick 1.3.0.7
eSupportQFolder
F2100
F2100_doccd
F2100_Help
Fast Break College Basketball 2010 Demo
Free Video Joiner 1.1
GearDrvs
getPlus®_ocx
Google Chrome
Google Update Helper
honestech VHS to DVD 4.0 HD
Hotel Mogul
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Imikimi Plugin
Info Center 1.0.0.7
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
Law & Order II: Double or Nothing
Learn2 Player (Uninstall Only)
Mall-A-Palooza
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MediaFireDownloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero BurnRights
Nero OEM
Norton PC Checkup
PowerDVD
PSSWCORE
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Rhapsody
Rhapsody Player Engine
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923689)
SendSpace Wizard
Shop for HP Supplies
Soft Data Fax Modem with SmartCP
SolutionCenter
SpeedBit Video Accelerator
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 9
Status
System Requirements Lab
System Requirements Lab CYRI
TEW2005
TEW2007
TEW2008
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 9:52:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AMYSPRADLIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0636A51A-AB0C. The master browser is stopping or an election is being forced.
8/7/2012 8:57:33 PM, error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).
8/7/2012 8:13:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/7/2012 8:12:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/7/2012 8:11:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/7/2012 8:11:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/7/2012 8:00:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
8/7/2012 7:58:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2012 11:19:50 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
.
==== End Of File ===========================

RKreport

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 08/10/2012 13:30:11
¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]
[SUSP PATH] soap0_wsdl.exe -- C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> KILLED [TermProc]
[SUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] ctfmon.lnk @Owner : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\Owner\LOCALS~1\Temp\soap0_wsdl.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 +++++
--- User ---
[MBR] d18c8c6e0630f96cb4dcb4fbb22da097
[BSP] 54f9e6ca60d01bfcbc4d84bacce4b7b4 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7727265 | Size: 148852 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3773 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
MrCharlie
Posted 10 August 2012 - 01:45 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,328 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7
fullhouse
Posted 10 August 2012 - 06:17 PM

    New Member

  • Members
  • Pip
  • 5 posts
I'm not sure if ComboFix finished running I had it up for almost 2 hours, the progress bar across the top never did go all the way across it stopped half way.

ComboFix 11-12-15.02 - Owner 12/15/2011 18:26:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.486 [GMT -5:00]
Running from: c:\techtools\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\Takeela\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 22:46 . 2011-12-15 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-15 22:32 . 2011-12-15 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 22:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 22:30 . 2011-12-15 22:31 -------- d-----w- C:\TechTools
2011-12-15 22:28 . 2011-12-15 22:28 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2011-12-15 22:24 . 2011-12-15 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-15 21:20 . 2011-12-15 21:21 -------- d-----w- c:\documents and settings\Administrator
2011-12-15 04:20 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-15 04:20 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-15 04:20 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-13 20:28 . 2011-12-13 20:28 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-12-13 15:00 . 2011-12-13 15:00 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-12-13 14:36 . 2011-12-13 14:38 -------- dc-h--w- c:\windows\ie8
2011-12-09 17:10 . 2011-12-13 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ETTB
2011-12-09 17:03 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-09 17:03 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-09 17:03 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-09 17:03 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-04 17:42 . 2011-12-15 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-12-04 17:42 . 2011-12-04 17:43 -------- d-----w- c:\program files\PCPitstop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 23:13 . 2011-06-09 01:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2011-11-04 11:24 1409 ----a-w- c:\windows\QTFont.for
2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-23 02:06 . 2011-10-13 11:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 07:44 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-04-29 23:50 650680 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1047.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2007-4-26 2348584]
run_startmenu.cmd [2004-10-11 45]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearSharePersonalization]
2008-04-29 23:50 1251768 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalization.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center]
2011-09-26 17:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]
2011-10-26 16:42 325280 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCPitstop Scheduling"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/13/2011 3:28 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/13/2011 3:28 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 8:57 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/13/2011 3:28 AM 136312]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/12/2008 10:51 PM 2560]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/13/2011 3:28 AM 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/9/2009 9:54 PM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/9/2009 9:54 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 6:27 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 9:15 PM 356280]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:01 AM 135664]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/4/2011 12:42 PM 91816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:54]
.
2007-04-26 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
2007-04-26 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vs4ln1ej.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\0ECC3A43B9416605BEB3AE7E61B07718]
"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
1a,42,2c,55,e0,34,81,ae,ca
"2"=hex:ff,46,a9,cd,53,d2,ef,98
"3"=hex:7a,df,d5,4c,57,ae,df,52,45,12,ef,74,0e,81,42,21,d4,1c,0f,64,a2,89,b4,
0d,9a,3d,ad,bd,91,54,13,86,71,a9,24,13,8f,26,dd,dc,3c,ad,c8,64,9e,27,1b,2b,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
1a,a6,9a,22,80,3b,be,a2,ab,0f,c9,d8,50,26,f2,97,29,00,1d,dc,11,71,88,89,5e,\
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,0a,a7,b3,1c,99,c8,a4,fc,b2,a0,c4,0f,9f,bf,5f,
2d,98,42,c1,23,08,65,81,7e,37,62,bf,dc,f3,71,e2,a0
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:ef,75,97,fd,82,af,ad,38,06,46,3e,0c,eb,80,ea,c5,cf,e8,34,1f,86,30,bb,
80,a7,73,39,43,0a,92,37,98,2c,8a,2d,c4,2b,32,ba,d2,27,d7,cc,cf,4d,ad,fe,0a,\
"13"=hex:a2,c8,03,1d,e8,4d,1d,93,50,ca,cf,49,25,90,fd,e0,7f,10,80,4a,52,41,7f,
8f
"14"=hex:b9,fb,ea,14,55,b7,5a,f0
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:56,47,2e,66,99,1b,a5,d3,fc,7b,e6,60,ef,99,e5,85
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:6f,57,5e,0f,ea,60,68,3a,05,4b,2f,25,ac,de,6c,11,53,6c,8f,45,c5,1c,6c,
20,b3,52,3a,62,9d,12,59,4a,04,36,85,a4,07,60,c8,cb,f8,54,94,6a,49,45,ad,05,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\sxs.dll
.
- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-12-15 18:46:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 23:46
.
Pre-Run: 120,053,075,968 bytes free
Post-Run: 120,299,216,896 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D354E92F157A8E60DA3D5CDDEEAAE1E7

#8
MrCharlie
Posted 10 August 2012 - 06:28 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,328 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9
fullhouse
Posted 10 August 2012 - 08:45 PM

    New Member

  • Members
  • Pip
  • 5 posts
Mr. C,

Everything seems to be running fine, I can connect suf the internet using explorer, however firefox doesnt seem to have the files needed to run now. Do you think it would be okay to reinstall firefox?


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-14B55A8A15 [administrator]
8/10/2012 8:04:46 PM
mbam-log-2012-08-10 (20-04-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228500
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\Owner\Local Settings\temp\soap0_wsdl.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
(end)

#10
MrCharlie
Posted 10 August 2012 - 08:47 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,328 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes reinstall it.

If everything else is OK.........


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Posted Image

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11
Maurice Naggar
Posted 11 August 2012 - 06:40 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,165 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us