zoot56
Honorary Members
Posts: 75
Reputation: 0 Neutral
  1. I think not for the moment, unless you think it's a good idea.
  2. Since I uninstalled Google Earth the errors have stopped.
  3. The installer has to be connected to the internet
  4. Thank you very much. I wish this thing would just stop. Should I try any of those things? Has anyone allowed the firewall to let the thing launch?
  5. Why won't this thing let me post a screenshot? Anyways, it says: GoogleEarth-Win-Bundle-7.0.3.8542: error 7-Zip: Internal error, code 105.
  6. Still getting the error messages. MiniToolBox by Farbar Version:05-03-2013 Ran by Robert (administrator) on 15-04-2013 at 16:16:31 Running from "C:\Documents and Settings\Robert\Desktop" Microsoft Windows XP Service Pack 3 (X86) Boot Mode: Normal
  7. ComboFix prompted to update when I ran it, so I said OK. I hope that was OK. Here is the log. I will wait and see if I am still getting the errors and run the MiniToolBox if I am. ComboFix 13-04-14.01 - Robert 04/14/2013 14:13:49.9.4 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2252 [GMT -7:00]
  8. Yeah, I'm pretty sure I didn't download anything called Hiren's, so we should probably remove it. And I already have Google Earth installed and I haven't touched it in ages, so it seems strange that it would be trying to install.
  9. I don't know what Hiren's is or an ISO. How do I know if I downloaded it? What is "Win32/PSWTool.KonBoot.A application"? The firewall is still popping up with the suspicious behavior warning: Setup Launcher Unicode is trying to launch C:\WINDOWS\system32\msiexec.exe, or use another program to gain access to privileged resources. When I click on more info it says: Application: C\WINDOWS\system32\config\systemprofile\LocalSettings\temp\._MSIGE61\GOOGLEEARTH.EXE
  10. ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=18fc5ae4eb0b2c499fc6b250cb676f56
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2012-05-14 05:45:42
      # local_time=2012-05-13 10:45:42 (-0800, Pacific Daylight Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=5891 16776869 42 93 0 3748827 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # compatibility_mode=9217 16776894 75 4 0 0 0 0
      # scanned=140645
      # found=0
      # cleaned=0
      # scan_time=2482
      ESETSmartInstaller@High as downloader log:
      all ok
      # version=8
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=18fc5ae4eb0b2c499fc6b250cb676f56
      # engine=13607
      # end=finished
      # remove_checked=false
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-04-12 05:12:13
      # local_time=2013-04-12 10:12:13 (-0800, Pacific Daylight Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=5892 16777213 88 94 2419997 16573623 0 0
      # compatibility_mode=9217 16776894 75 4 8976944 8976944 0 0
      # scanned=150875
      # found=1
      # cleaned=0
      # scan_time=4223
      sh=FF19868F60E16DE4359F0FB3C947009949CC374A ft=0 fh=0000000000000000 vn="Win32/PSWTool.KonBoot.A application" ac=I fn="C:\Documents and Settings\Robert\My Documents\FIX\HBCD\Hiren's.BootCD.13.0.iso"
  11. ComboFix 13-04-11.01 - Robert 04/11/2013 23:55:43.8.4 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1978 [GMT -7:00]
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: alaskausa.org\ultrabranch Trusted Zone: alaskausa.org\www Trusted Zone: amazon.com\www Trusted Zone: aol.com\mail Trusted Zone: aol.com\my.screenname Trusted Zone: bankofamerica.com\safe Trusted Zone: bankofamerica.com\www Trusted Zone: chase.com\chaseonline Trusted Zone: clonewarsadventures.com Trusted Zone: facebook.com\apps Trusted Zone: facebook.com\www Trusted Zone: freerealms.com Trusted Zone: games-workshop.com\www Trusted Zone: kingcounty.gov\www Trusted Zone: live.com\login Trusted Zone: malwarebytes.org\forums Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: netflix.com\movies Trusted Zone: netflix.com\signup Trusted Zone: soe.com Trusted Zone: sony.com Trusted Zone: wa.gov\fortress Trusted Zone: wccnet.edu\blackboard9 Trusted Zone: wednet.edu\mail.auburn Trusted Zone: windowsupdate.com\download Trusted Zone: windowsupdate.com\www Trusted Zone: wm.com\www Trusted Zone: youtube.com\www TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d&q={searchTerms} FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-12 00:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1454471165-1614895754-1801674531-1004\Software\SecuROM\License information*] "datasecu"=hex:ee,39,e6,33,9f,d3,4f,13,28,be,73,7f,d9,dd,64,be,8d,e0,f8,c2,54, 4e,ea,d8,56,32,97,6b,e9,3d,40,aa,2d,e2,53,01,79,76,81,af,cf,06,23,b4,d5,a0,\ "rkeysecu"=hex:3f,f5,91,b9,bf,e0,d1,30,e8,f4,28,b5,04,e4,ca,b2 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(928) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(984) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . Completion time: 2013-04-12 00:11:57 ComboFix-quarantined-files.txt 2013-04-12 07:11 ComboFix2.txt 2012-05-14 03:50 . Pre-Run: 219,084,001,280 bytes free Post-Run: 219,606,740,992 bytes free . - - End Of File - - 187F347A86553FA5BEE0292D64341559
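The ComboFix log above prints services and the Windows Firewall policy in a fixed line shape, and reading those lines by eye is how helpers on this forum spot entries worth asking about. The script below is an added example, not code from the post or from ComboFix or any other tool named here: it parses the service/driver lines and the `"EnableFirewall"=` value from a sample log constructed out of the lines on this page and returns the entries a responder would look at first. The `GENUINE_SERVICES` table and the two flagging rules are illustrative assumptions, not a ComboFix feature.

```python
"""Triage helper for ComboFix-style scan logs.

Added example, not code from the forum post or from ComboFix. It parses two
line shapes that appear in the log above and returns the entries a responder
should examine first. SAMPLE_LOG is constructed from lines on this page.
"""
import re
from dataclasses import dataclass

# ComboFix service line: <R|S><start type> <name>;<display name>;<path> [<date size> | ?]
# R/S = running/stopped; ComboFix prints "a --> b" when the registered and
# resolved paths differ, and "[?]" when it could not read the file's date/size.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Windows Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'"EnableFirewall"=\s*(?P<value>\d+)')

# Display name -> genuine short name of the built-in Windows service.
# Assumption: a deliberately small illustrative table; a real tool would carry
# the full list of inbox services for the OS version.
GENUINE_SERVICES = {
    "remote access connection manager": "rasman",
}

# Constructed sample input, taken from the ComboFix lines on this page.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
R1 MpKsl9fa00f3a;MpKsl9fa00f3a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C8848E1-BD45-47B5-95C1-013BE969AA3C}\MpKsl9fa00f3a.sys [4/11/2013 12:49 PM 29904]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4/30/2012 12:05 PM 27056]
S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/29/2012 9:49 PM 24064]
"""


@dataclass
class ServiceEntry:
    state: str      # "R" running, "S" stopped
    start: str      # start type digit (2 = automatic, 3 = manual)
    name: str
    display: str
    path: str
    meta: str       # "<date> <size>" or "?" when the scanner could not read the file


def parse_services(log_text):
    """Return every service/driver entry found in the log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # keep the resolved path (right-hand side of "-->") when both are printed
        path = m.group("rest").split(" --> ")[-1].strip()
        entries.append(ServiceEntry(m.group("state"), m.group("start"),
                                    m.group("name").strip(), m.group("display").strip(),
                                    path, m.group("meta").strip()))
    return entries


def triage(log_text):
    """Return findings worth a responder's attention, most general first."""
    findings = []
    fw = FIREWALL_RE.search(log_text)
    if fw and int(fw.group("value")) == 0:
        findings.append({
            "kind": "firewall_disabled",
            "detail": "Windows Firewall is off for the standard profile; normal when a "
                      "third-party firewall has replaced it, so confirm one is running",
        })
    for svc in parse_services(log_text):
        reasons = []
        genuine = GENUINE_SERVICES.get(svc.display.lower())
        if genuine and svc.name.lower() != genuine:
            reasons.append(f"display name belongs to built-in service '{genuine}' "
                           f"but this entry is registered as '{svc.name}'")
        if svc.meta == "?":
            reasons.append("scanner recorded no date/size for the binary ([?]): "
                           "file missing or unreadable at scan time")
        if reasons:
            findings.append({"kind": "service", "name": svc.name,
                             "path": svc.path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it returns two findings. The firewall value is explained by the same log (ZoneAlarm is installed and the Security Center entry shows monitoring of it), so that one is a check rather than a problem. The service finding is the one to hand to a helper: the genuine Remote Access Connection Manager service on Windows XP is registered as RasMan and runs inside svchost.exe, so an entry that borrows its display name, points at a standalone mscories32.exe, and has no readable file metadata deserves a question, whatever it turns out to be.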
  12. In addition to these reports, RogueKiller made two files on my desktop called "RK_Quarentine" and ".picasaoriginals". What do I do with those? # AdwCleaner v2.200 - Logfile created 04/11/2013 at 12:46:22 # Updated 02/04/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Robert - METATRON # Boot Mode : Normal # Running from : C:\Documents and Settings\Robert\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\DOCUME~1\Robert\LOCALS~1\Temp\Uninstall.exe File Deleted : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\searchplugins\zonealarm.xml File Deleted : C:\user.js ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\prefs.js C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\user.js ... Deleted ! [OK] File is clean. 
************************* AdwCleaner[S1].txt - [1617 octets] - [11/04/2013 12:46:22] ########## EOF - C:\AdwCleaner[S1].txt - [1677 octets] ########## RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Robert [Admin rights] Mode : Scan -- Date : 04/11/2013 12:56:47 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B2 +++++ --- User --- [MBR] 939f19ba167ed9e3214caba0c930aa92 [BSP] 624ba18a9061ea14c4a0a395eb9a19a0 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[1]_S_04112013_02d1256.txt >> RKreport[1]_S_04112013_02d1256.txt RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Robert [Admin rights] Mode : Remove -- Date : 04/11/2013 12:57:46 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B2 +++++ --- User --- [MBR] 939f19ba167ed9e3214caba0c930aa92 [BSP] 624ba18a9061ea14c4a0a395eb9a19a0 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[2]_D_04112013_02d1257.txt >> RKreport[1]_S_04112013_02d1256.txt ; RKreport[2]_D_04112013_02d1257.txt RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Robert [Admin rights] Mode : Shortcuts HJfix -- Date : 04/11/2013 13:02:18 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ File attributes restored: ¤¤¤ Desktop: Success 2 / Fail 0 Quick launch: Success 0 / Fail 0 Programs: Success 3 / Fail 0 Start menu: Success 4 / Fail 0 User folder: Success 1169 / Fail 0 My documents: Success 201 / Fail 201 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 0 / Fail 0 My videos: Success 0 / Fail 0 Local drives: Success 276 / Fail 0 Backup: [NOT FOUND] Drives: [A:] \Device\Floppy0 -- 0x2 --> Skipped [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored [D:] \Device\CdRom0 -- 0x5 --> Skipped Finished : << RKreport[3]_SC_04112013_02d1302.txt >> RKreport[1]_S_04112013_02d1256.txt ; RKreport[2]_D_04112013_02d1257.txt ; RKreport[3]_SC_04112013_02d1302.txt
  13. I appreciate any help you can give. I'm not sure what is going on. I think I may be infected with something. I keep getting a repeating error window that pops up that looks like this: GoogleEarth-Win-Bundle-7.0.3.8542:error 7-Zip: Internal error, code 105. And my firewall also keeps popping up with a repeating suspicious behavior message that says: Setup Launcher Unicode is trying to launch C:\WINDOWS\system32\msiexec.exe, or use another program to gain access to privileged resources I keep telling it to "deny" but it keeps coming back. My Malwarebytes has been updated but it is not detecting anything. Here is the latest scan: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.11.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Robert :: METATRON [administrator] 4/11/2013 10:05:40 AM mbam-log-2013-04-11 (10-05-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 259154 Time elapsed: 14 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Here is the DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2 Run by Robert at 11:03:42 on 2013-04-11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1802 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: ZoneAlarm Free Firewall Firewall *Enabled* . ============== Running Processes ================ . 
c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Update\Install\{A5AE69A3-4216-49D7-BBB7-66C63692B377}\GoogleEarth-Win-Bundle-7.0.3.8542.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k 
LocalService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: SecureBrowsing bho: {7632ABCA-B104-4fbc-9C70-419C4147061B} - c:\program files\m86security secure browsing\SecureBrowsing.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - c:\program files\m86security secure browsing\SecureBrowsing.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Facebook Update] "c:\documents and settings\robert\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun 
-nosplash mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE"&"prod=90"&"ver=10.0.1204 mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242920910640 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340742957406 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{EE2BC3A9-D089-42F2-B524-90E2D651376E} : DHCPNameServer = 192.168.0.1 Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\ige9lf9l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d&q={searchTerms} FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\robert\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.zonealarm.hpOld - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112487423416078-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d FF - user.js: extensions.zonealarm.hpNew - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112487423416078-1600&toolbarId=base&affiliateId=1025&Lan=en&utid=941db9ba00000000000000248c444d7d FF - user.js: extensions.zonealarm.dspOld - Search By ZoneAlarm FF - user.js: extensions.zonealarm.dspNew - Search By ZoneAlarm FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm_i.hmpg - true FF - user.js: extensions.zonealarm_i.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d FF - user.js: extensions.zonealarm_i.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d&q={searchTerms} FF - user.js: extensions.zonealarm_i.dnsErr - true FF - user.js: extensions.zonealarm_i.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112936925632837-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=941db9ba00000000000000248c444d7d&q= FF - user.js: extensions.zonealarm.id - 941db9ba00000000000000248c444d7d FF - user.js: extensions.zonealarm.instlDay - 15469 FF - user.js: 
extensions.zonealarm.vrsn - 1.5.20.3 FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.38:00:02 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1600 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN112936925632837-1600 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 195296] R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-11-7 527408] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27056] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497320] R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-29 24064] . =============== Created Last 30 ================ . 
2013-04-11 03:34:27 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c8848e1-bd45-47b5-95c1-013be969aa3c}\mpengine.dll 2013-04-10 02:49:49 7108640 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-03-21 18:21:29 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-18 05:19:15 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-03-18 05:19:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . ==================== Find3M ==================== . 2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-03-18 05:18:57 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-18 05:18:57 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-13 09:28:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 09:28:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec 2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-20 23:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-16 06:19:19 1074560 ----a-w- c:\windows\system32\nvdrsdb0.bin 2013-01-16 06:19:19 1 
----a-w- c:\windows\system32\nvdrssel.bin
2013-01-16 06:19:15 1074560 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-01 23:33:49 83968 ----a-w- c:\program files\remover.exe
.
============= FINISH: 11:04:33.39 ===============

Here is the Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/20/2009 3:59:49 PM
System Uptime: 4/9/2013 8:22:33 PM (39 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3N72-D
Processor: AMD Phenom™ 9650 Quad-Core Processor | Socket AM2 | 2299/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 203.374 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AiO_Scan_CDA
AiOSoftwareNPI
Amazon Kindle
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Army Builder 3.3b
Bonjour
BufferChm
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Suite
ESET Online Scanner v3
eSupportQFolder
EverQuest
F300
F300_Help
Facebook Video Calling 1.2.0.287
Fax_CDA
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
Image Plugin
InstantShareDevicesMFC
iTunes
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
M86Security Secure Browsing
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Media Video 9 VCM
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Network Magic
NewCopy_CDA
NVIDIA Control Panel 310.90
NVIDIA Drivers
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
OCR Software by I.R.I.S 7.0
Picasa 3
PowerDVD
PowerISO
ProductContextNPI
Pure Networks Platform
QuickTime
Readme
Realtek High Definition Audio Driver
RIFT
Safari
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SimCity 4 Deluxe
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
The Sims 2
The Sims™ 3
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
VC 9.0 Runtime
Ventrilo Client
Ventrilo Server
VLC media player 1.0.5
Warcraft III
Warhammer Online - Age of Reckoning
WebFldrs XP
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Detect
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== End Of File ===========================

Thank you for your help!
  14. It's like something is hijacking the browser's back button, or there is some kind of adware tracker on certain sites. Sometimes while I'm browsing and I hit the back button, nothing happens, so I click it again. It might take 2 - 3 clicks of the back button to actually get back to the page I was last on. This doesn't happen with every page, but it happens on many different pages. At first I thought it was happening randomly, but then I noticed it did seem to be a consistent behavior, at least on the Fandango site, but I don't remember it happening in the past, as I've used that site for years. While I'm browsing, if the back button does not work on the first click, I right-click on the back button to reveal the recent page history, and usually it shows this web address inserted between where I am and where I've been: "https://googleads.q.doubleclick.net/page". If I click on the address it does nothing and I go nowhere. It's like a placeholder or something. Sometimes the address is listed more than once, which means I must click back 3 or more times to get past it and back to the page I was actually on last. IE also has that annoying clicking sound whenever you navigate anywhere, and it seems to increase to a longer series of clicks when this back button behavior is occurring. I could probably predict that the back button has just been hijacked on the page by noticing the increase in clicking noises the page just made. I have not experienced these problems on Firefox. I must say that I like Firefox very much so far, and thank you for recommending it.
  15. It doesn't seem to happen with Firefox.