CaseyJ000

"newgenerationp.com/x" and "oldschoolzzz.com.x"

41 posts in this topic

I'm getting ESET alerts on my wife's computer running Windows XP blocking "newgenerationp.com/x" and "oldschoolzzz.com.x".

ESET keeps giving alerts that the computer needs to be updated, but I see the updates have been failing for several days. And they failed when I tried.

Malwarebytes is showing nothing now. I deleted a trojan earlier today.

I know I should post some logs first, but if anyone has any suggestions of what to start with, let me know.


Hello CaseyJ000! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files when you are ready.


Hi Maniac,

I saw your posts on Techmonkey.com related to this trojan. I've already run TDSSKiller because I saw the info about blue screens probably coming soon, and hadn't heard back from anyone. My apologies. So I have those logs too.

MBAM

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Frances :: JIM2-88XVZV9YF [administrator]

Protection: Disabled

6/19/2012 10:26:25 PM

mbam-log-2012-06-19 (22-26-25).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 417013

Time elapsed: 2 hour(s), 28 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33

Run by Frances at 6:00:33 on 2012-06-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.278 [GMT -7:00]

.

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

svchost.exe

C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\frxhser.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\frxhapp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft Office\Office\Winword.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [frxmxins] frxmxins

mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [FGLRXDetectPnPMonitor] rundll32 fglrxmon.dll,MonitorDetect

StartupFolder: c:\docume~1\frances\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.clarkcolor.com/ClarkActivia.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aon.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7A7E11BE-51A3-42F3-8CDD-67FC3AD14385} : DhcpNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\frances\application data\mozilla\firefox\profiles\pi4kvmcf.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]

R2 FGLRXUtil;FGLRXUTIL;c:\windows\system32\frxhser.exe [2005-1-16 53248]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-14 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-14 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-19 40776]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 PPPoEService;PPPoE Service;c:\progra~1\nts\entern~1\app\pppoeservice.exe --> c:\progra~1\nts\entern~1\app\pppoeservice.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-29 257696]

S3 atifglrx;atifglrx;c:\windows\system32\drivers\fglrxm.sys [2005-1-16 417061]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-29 129976]

.

=============== Created Last 30 ================

.

2012-06-20 05:26:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-20 05:15:19 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-20 04:52:34 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-16 14:32:56 -------- d-----w- c:\documents and settings\frances\application data\AdobeAUM

2012-06-16 14:29:31 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-06-16 14:29:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-06-16 14:29:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-06-16 14:29:29 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-06-13 02:25:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-13 02:25:34 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-30 01:58:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-29 14:49:32 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

==================== Find3M ====================

.

2012-06-13 02:25:02 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-30 02:01:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 6:01:40.56 ===============

.

Extras.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/16/2005 12:43:54 PM

System Uptime: 6/19/2012 10:20:10 PM (8 hours ago)

.

Motherboard: Dell Computer Corp. | |

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2784/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 31.087 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 699 GiB total, 637.908 GiB free.

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP287: 3/23/2012 3:25:35 AM - System Checkpoint

RP288: 3/24/2012 4:25:35 AM - System Checkpoint

RP289: 3/25/2012 5:25:38 AM - System Checkpoint

RP290: 3/26/2012 8:12:52 AM - System Checkpoint

RP291: 3/27/2012 1:22:24 PM - System Checkpoint

RP292: 3/28/2012 1:50:02 PM - System Checkpoint

RP293: 3/29/2012 2:26:38 PM - System Checkpoint

RP294: 3/30/2012 2:42:12 PM - System Checkpoint

RP295: 3/31/2012 3:26:35 PM - System Checkpoint

RP296: 4/1/2012 3:27:39 PM - System Checkpoint

RP297: 4/2/2012 3:53:59 PM - System Checkpoint

RP298: 4/3/2012 3:56:22 PM - System Checkpoint

RP299: 4/4/2012 4:16:52 PM - System Checkpoint

RP300: 4/5/2012 4:22:39 PM - System Checkpoint

RP301: 4/6/2012 5:20:29 PM - System Checkpoint

RP302: 4/7/2012 5:41:34 PM - System Checkpoint

RP303: 4/8/2012 5:56:07 PM - System Checkpoint

RP304: 4/9/2012 6:08:07 PM - System Checkpoint

RP305: 4/10/2012 6:42:55 PM - System Checkpoint

RP306: 4/11/2012 8:50:12 AM - Software Distribution Service 3.0

RP307: 4/12/2012 10:01:33 AM - System Checkpoint

RP308: 4/13/2012 10:48:15 AM - System Checkpoint

RP309: 4/14/2012 8:25:44 PM - System Checkpoint

RP310: 4/15/2012 9:42:50 PM - System Checkpoint

RP311: 4/16/2012 9:47:08 PM - System Checkpoint

RP312: 4/17/2012 10:47:09 PM - System Checkpoint

RP313: 4/18/2012 11:11:20 PM - System Checkpoint

RP314: 4/19/2012 1:15:01 PM - Installed QuickTime

RP315: 4/20/2012 1:24:07 PM - System Checkpoint

RP316: 4/21/2012 2:23:56 PM - System Checkpoint

RP317: 4/22/2012 3:25:00 PM - System Checkpoint

RP318: 4/23/2012 4:23:55 PM - System Checkpoint

RP319: 4/24/2012 5:20:14 PM - System Checkpoint

RP320: 4/25/2012 6:30:50 PM - System Checkpoint

RP321: 4/26/2012 7:21:19 PM - System Checkpoint

RP322: 4/27/2012 7:43:38 PM - System Checkpoint

RP323: 4/28/2012 8:37:59 PM - System Checkpoint

RP324: 4/29/2012 9:37:58 PM - System Checkpoint

RP325: 4/30/2012 10:07:20 PM - System Checkpoint

RP326: 5/1/2012 10:36:38 PM - System Checkpoint

RP327: 5/2/2012 10:59:15 PM - System Checkpoint

RP328: 5/3/2012 11:59:14 PM - System Checkpoint

RP329: 5/5/2012 12:59:19 AM - System Checkpoint

RP330: 5/6/2012 1:59:15 AM - System Checkpoint

RP331: 5/7/2012 2:50:19 AM - System Checkpoint

RP332: 5/8/2012 3:50:18 AM - System Checkpoint

RP333: 5/9/2012 4:50:20 AM - System Checkpoint

RP334: 5/10/2012 8:57:12 AM - System Checkpoint

RP335: 5/10/2012 1:13:35 PM - Software Distribution Service 3.0

RP336: 5/11/2012 1:30:29 PM - System Checkpoint

RP337: 5/12/2012 1:52:39 PM - System Checkpoint

RP338: 5/13/2012 2:40:36 PM - System Checkpoint

RP339: 5/14/2012 3:15:29 PM - System Checkpoint

RP340: 5/15/2012 3:43:46 PM - System Checkpoint

RP341: 5/16/2012 4:42:09 PM - System Checkpoint

RP342: 5/17/2012 5:30:11 PM - System Checkpoint

RP343: 5/18/2012 5:43:41 PM - System Checkpoint

RP344: 5/19/2012 6:30:10 PM - System Checkpoint

RP345: 5/20/2012 7:30:08 PM - System Checkpoint

RP346: 5/21/2012 8:07:08 PM - System Checkpoint

RP347: 5/22/2012 8:42:21 PM - System Checkpoint

RP348: 5/23/2012 8:42:41 PM - System Checkpoint

RP349: 5/24/2012 8:43:48 PM - System Checkpoint

RP350: 5/25/2012 9:20:43 PM - System Checkpoint

RP351: 5/26/2012 10:20:45 PM - System Checkpoint

RP352: 5/27/2012 11:20:44 PM - System Checkpoint

RP353: 5/28/2012 11:27:32 PM - System Checkpoint

RP354: 5/29/2012 11:40:20 PM - System Checkpoint

RP355: 5/30/2012 11:58:35 PM - System Checkpoint

RP356: 6/1/2012 12:58:36 AM - System Checkpoint

RP357: 6/2/2012 6:56:36 AM - System Checkpoint

RP358: 6/3/2012 7:54:39 AM - System Checkpoint

RP359: 6/4/2012 7:50:42 PM - System Checkpoint

RP360: 6/5/2012 8:50:30 PM - System Checkpoint

RP361: 6/6/2012 9:38:21 PM - System Checkpoint

RP362: 6/7/2012 10:38:20 PM - System Checkpoint

RP363: 6/8/2012 10:59:34 PM - System Checkpoint

RP364: 6/9/2012 11:57:51 PM - System Checkpoint

RP365: 6/11/2012 12:05:40 AM - System Checkpoint

RP366: 6/12/2012 12:12:42 AM - System Checkpoint

RP367: 6/12/2012 7:24:08 PM - Removed Java™ 6 Update 26

RP368: 6/12/2012 7:24:49 PM - Installed Java™ 6 Update 33

RP369: 6/13/2012 8:11:58 PM - Software Distribution Service 3.0

RP370: 6/14/2012 8:23:23 PM - System Checkpoint

RP371: 6/15/2012 9:07:50 PM - System Checkpoint

RP372: 6/16/2012 9:37:07 PM - System Checkpoint

RP373: 6/17/2012 10:21:14 PM - System Checkpoint

RP374: 6/18/2012 10:35:53 PM - System Checkpoint

RP375: 6/19/2012 10:15:38 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2Wire Wireless Client

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

AT&T Yahoo! High Speed Internet Home Networking Installer

ATI - Software Uninstall Utility

ATI Display Driver

Canon iP2600 series

Canon iP2600 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Download Manager

Dell ResourceCD

Drive Manager

ESET Online Scanner v3

ESET Smart Security

GoToAssist Corporate

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PRO Ethernet Adapter and Software

iTunes

Java Auto Updater

Java™ 6 Update 33

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Excel 97

Microsoft IntelliPoint 7.1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 97

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 6 Service Pack 2 (KB954459)

Norton SystemWorks

Picture Package Music Transfer

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 5.8

Sony Picture Utility

SpywareBlaster 4.6

Symantec Technical Support Web Controls

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebEx

WebFldrs XP

Windows 7 Upgrade Advisor

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 9:46:16 AM, error: Print [6161] - The document http://msn.careerbui...terviewing-The- owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 115608. Number of bytes printed: 115440. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/19/2012 9:44:44 AM, error: Print [6161] - The document http://msn.careerbui...terviewing-The- owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 115440. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/19/2012 9:00:46 PM, error: Print [6161] - The document https://hrjobs.trave...E/HRMS/c/HRS_HR owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 39100. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/15/2012 10:33:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASDIFSV SASKUTIL

6/15/2012 10:33:32 PM, error: Service Control Manager [7000] - The iPodService service failed to start due to the following error: %1 is not a valid Win32 application.

6/15/2012 10:33:32 PM, error: DCOM [10005] - DCOM got error "%193" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

6/15/2012 10:33:31 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

6/15/2012 10:33:31 PM, error: Service Control Manager [7000] - The PPPoE Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

TDSSKiller.2.7.40.0_19.06.2012_21.49.43_log.zip

TDSSKiller.2.7.40.0_19.06.2012_22.04.46_log.zip


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Here's the Combofix log.

I guess we will install Windows 7. (Temporarily, can I use something like Sandboxie until we get the OS? I'll probably have my wife on Sandbox after we install the OS. If it's the dumbest thing you've ever heard, let me know.) We won't do any banking or credit card use on this computer until this is changed.

Is there a possibility the Backdoor Trojan can get into other computers on a hardwire router? If so I can't have her change passwords on my computer.

Is her iPhone somewhat safe because it is a Mac?

Thanks!

ESET first detected bad websites on 5/8/12. I imagine System Restore is fully infected.

ComboFix 12-06-20.01 - Frances 06/20/2012 6:53.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.534 [GMT -7:00]

Running from: c:\documents and settings\Frances\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\windows\_detmp.2

.

.

((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))

.

.

2012-06-20 05:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-20 04:52 . 2012-06-20 05:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-16 14:32 . 2012-06-16 14:32 -------- d-----w- c:\documents and settings\Frances\Application Data\AdobeAUM

2012-06-16 14:29 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-06-16 14:29 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-06-16 14:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-06-16 14:29 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-06-13 02:25 . 2012-06-13 02:25 -------- d-----w- c:\program files\Common Files\Java

2012-06-13 02:25 . 2012-06-13 02:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-13 02:25 . 2012-06-13 02:25 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-30 01:58 . 2012-05-30 02:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-29 14:49 . 2012-05-29 14:49 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 02:25 . 2011-01-16 17:12 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 13:22 . 2008-09-13 14:58 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-30 02:01 . 2011-07-16 17:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 15:08 . 2004-08-24 03:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2008-09-13 14:57 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2002-09-03 19:42 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2002-09-03 19:40 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-09-13 15:00 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:12 . 2008-09-13 14:57 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-09-13 14:57 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2008-09-13 14:57 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 22:56 . 2011-05-15 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-21 01:19 . 2012-05-29 14:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"frxmxins"="frxmxins" [X]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"FGLRXDetectPnPMonitor"="fglrxmon.dll" [2003-09-17 307200]

.

c:\documents and settings\Frances\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-9-26 385024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2011-05-17 02:24 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8/12/2010 2:16 PM 810144]

R2 FGLRXUtil;FGLRXUTIL;c:\windows\system32\frxhser.exe [1/16/2005 1:59 PM 53248]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2011 5:50 PM 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2011 5:50 PM 22344]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 PPPoEService;PPPoE Service;c:\progra~1\NTS\ENTERN~1\app\pppoeservice.exe --> c:\progra~1\NTS\ENTERN~1\app\pppoeservice.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/29/2012 6:58 PM 257696]

S3 atifglrx;atifglrx;c:\windows\system32\drivers\fglrxm.sys [1/16/2005 1:59 PM 417061]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/29/2012 7:49 AM 129976]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 02:01]

.

2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Frances\Application Data\Mozilla\Firefox\Profiles\pi4kvmcf.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-20 07:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll

c:\windows\system32\FRXHDLL.DLL

.

Completion time: 2012-06-20 07:07:10

ComboFix-quarantined-files.txt 2012-06-20 14:07

.

Pre-Run: 33,240,498,176 bytes free

Post-Run: 34,392,760,320 bytes free

.

- - End Of File - - 0879C58C21D3CA7FB475844B8DF69923

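A triage pass over the autostart, service and process lines in the ComboFix and DDS logs above, added here as an example and not code from the thread, from Malwarebytes or from the tools' authors: it flags entries whose file is missing (`[X]`/`[?]`), entries that run from a temp directory, and bare names rather than full paths. The meaning of the `[X]`/`[?]` tags and the regexes for the line shapes are my reading of the logs as posted, not a documented format, and the sample lines are copied from this thread.

```python
import re

# Status tag that ComboFix and DDS append to an entry (assumption: [X] means the
# file was not found, [?] that it could not be read/verified, [date size] present).
TAG_RE = re.compile(r"\s*\[(?P<tag>[^\]]*)\]\s*$")
# Line shapes from the ComboFix "Reg Loading Points"/service sections and the
# DDS "Pseudo HJT Report"/"Running Processes" sections posted in this thread.
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<target>.+?)(?:\s+-->.*)?$")
DDS_RUN_RE = re.compile(r"^[mu]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<target>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder:.*?\s-\s(?P<target>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\\S")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)

# Constructed sample: lines copied from the logs in this thread, one legitimate
# entry beside each suspicious one so the heuristics can be compared.
SAMPLE_LOG = r"""
"frxmxins"="frxmxins" [X]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"FGLRXDetectPnPMonitor"="fglrxmon.dll" [2003-09-17 307200]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8/12/2010 2:16 PM 810144]
mRun: [frxmxins] frxmxins
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\administrator\local settings\temp\_uninst_.bat
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\7586332.exe
"""


def split_tag(line):
    """Return (body, tag) where tag is the trailing [...] status text, or None."""
    m = TAG_RE.search(line)
    if m:
        return line[:m.start()], m.group("tag")
    return line, None


def extract_target(body):
    """Pull the launched path or command out of one log line; None if the
    line is not an autostart, service, startup-folder or process entry."""
    for rx in (CF_RUN_RE, SERVICE_RE, DDS_RUN_RE, STARTUP_RE):
        m = rx.match(body)
        if m:
            return m.group("target").strip()
    if PROCESS_RE.match(body):
        return body.strip()
    return None


def executable_of(target):
    """First token of a command line, with surrounding quotes removed."""
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    parts = target.split()
    return parts[0] if parts else ""


def flag_entry(line):
    """Reasons this line deserves a second look; an empty list means none."""
    body, tag = split_tag(line.strip())
    target = extract_target(body)
    if target is None:
        return []
    reasons = []
    if tag == "X":
        reasons.append("file not found ([X]): orphaned autostart or hidden file")
    elif tag == "?":
        reasons.append("file unverifiable ([?]): entry with no readable file")
    exe = executable_of(target)
    if exe and "\\" not in exe and "/" not in exe:
        reasons.append("bare name, resolved via PATH rather than a full path")
    if TEMP_DIR_RE.search(target):
        reasons.append("runs from a temp directory")
    return reasons


def triage(log_text):
    """Map each flagged line (stripped) to its reasons, in log order."""
    out = {}
    for raw in log_text.splitlines():
        reasons = flag_entry(raw)
        if reasons:
            out[raw.strip()] = reasons
    return out


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    -", reason)
```

Everything it flags still needs a human to confirm; the point is to pull the handful of odd entries out of a log several hundred lines long.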
Temporarily, can I use something like Sandboxie until we get the OS?

Makes no sense unless you clean the system, i.e. you have nothing to keep; you have a compromised system.

Is there a possibility the Backdoor Trojan can get into other computers on a hardwire router?

No, there isn't.

Is her iPhone somewhat safe because it is a Mac?

First, your home network is not infected. Second, her iPhone has another mobile operating system, iOS. It is something other than a Windows OS, so there is absolutely no chance of it being infected, even if your network was damaged.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.


Hi Maniac,

I did this scan with the internet connected. I don't know if that was okay. Let me know if you need me to do it again. I was wondering how to ensure the data was clean when we put the new operating system in. At some point the other day we got some sort of Java update box, and I guess it was probably fake based on this report. I'd been doing a lot of Java updates since I was advised to do it in another thread here. I didn't realize the trojan was active.

Status: Deleted (events: 6)

6/21/2012 7:30:17 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0000.dta High

6/21/2012 7:30:17 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0000.dta//HDDImage High

6/21/2012 7:32:46 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0001.dta//mbr//HDDImage High

6/21/2012 7:32:46 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0001.dta//vbr0 High

6/21/2012 7:32:46 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0001.dta//mbr High

6/21/2012 7:32:46 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\19.06.2012_21.49.43\mbr0000\mbr0000\tsk0001.dta High

Status: Disinfected (events: 10)

6/21/2012 8:53:38 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\5b0c2160-2e1bee54/durdom/huiak.class High

6/21/2012 8:53:38 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\205b5264-63832b5f/durdom/huiak.class High

6/21/2012 8:53:39 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\1d3809e6-5c7776ca/durdom/huiak.class High

6/21/2012 8:53:38 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\5b0c2160-2e1bee54 High

6/21/2012 8:53:39 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\205b5264-63832b5f High

6/21/2012 8:53:39 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\1d3809e6-5c7776ca High

6/21/2012 8:53:43 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\45ba72e7-1e7fb920/durdom/huiak.class High

6/21/2012 8:53:43 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\4e6a9e72-3047fa74/durdom/huiak.class High

6/21/2012 8:53:43 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\45ba72e7-1e7fb920 High

6/21/2012 8:53:43 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\4e6a9e72-3047fa74 High


To ensure that everything is okay, it is important to do a full format of the hard drive and install everything again.

How are things now?


I'm going to have to assemble the passwords and things for the software and buy the OS. It may take me a while to get everything together.

One of the articles you recommended says these Rootkit Backdoor Trojans could be hidden in stored emails and pictures. I guess anything is possible at this point. I'm a bit worried about that. What do you think?


If you have any doubts about any file, you can upload it to www.virustotal.com and it will be scanned by more than 40 antivirus programs.


Giant problems now. The computer is not allowing the AVG scan to be downloaded, but I'm going to try to put it on from a USB. It keeps changing all the folders, even the desktop, to read only.


Why do you need AVG? You do not have to use a USB flash drive without it being secured! What are you doing now?


Installing AVG in safe mode. Wife opened email. Computer went crazy. Have to leave for work. Running Kaspersky in Safe Mode now.


Did you uninstall ESET Smart Security before you installed AVG? Why did you do that without my instructions? I suggest you re-install your system, because I don't know what you are doing there and why. The whole procedure is passing without my participation.


I just wanted to stabilize it because it changed everything to "read only." It'll take 3 hours to rescan, but I assume Trojan will still be in email. Computer is unplugged from internet.

I guess I'll have to start reformatting when I get home. Some passwords may be in emails. Probably not, probably on my machine.


I didn't uninstall ESET by the way, and I looked at it right before my wife opened the email and it said everything was fine.

The AVG scan notes a lot of files as password protected now, and when I did it before. I don't know where that log is but I imagine the trojan is in those too.


Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. Your system is currently a mess, a very serious mess, so you should re-install it immediately.


Immediately reinstall what? The OS? I think we might be having a bit of trouble understanding each other. We've been running ESET and Malwarebytes for a long time. As I said, ESET and Malwarebytes were active just a few seconds ago when the trojan took control of the computer.

I'll be in touch, I have to go and I'll have to work on this when I get home. I'll check into the forum to see what you say.

Sorry, I was afraid all the data would be lost if I didn't run AVG again. ESET and Malwarebytes are getting tricked by this. We had the 2011 AntiVirus malware on this computer last year, and it was a major problem to save my wife's emails because the virus changed almost everything to "read only".

Thanks for the help, I'll take care of you.

Best Wishes.


If you want to proceed with our work here, post a new, fresh DDS log file and describe what your problems are now. Don't do anything else.


I'm not sure what was happening this morning, but my wife was trying to print an email, and she said something was wrong. There was a light blue screen I've never seen before with her email windows on top. It had words on it. It looked like some sort of "HA HA We've taken over" screen. I pushed the button to turn the computer off. Tried to reboot; couldn't install AVG. The location for the download was blocked. I tried to make the download locations not be "read only" but nothing worked, and I couldn't even change the location; it was greyed out. I started to get requests for Administrator passwords when I tried to change the location. I rebooted in Safe Mode, started AVG, downloaded from my other computer. It picked up no threats. Malwarebytes, however, had now quarantined 2 files I had not seen before. One is a password generator. I wrote down what they were before deleting. I did the DDS in Safe Mode. It's included below. I'm now in Safe Mode with Networking. I'm nervous about transferring anything to my other computer with my USB stick.

Spyware.Passwords.Xgen c:\documents and settings|Frances|local settings\Temp494A.tmp

Trojan agent.Gen c:\documents and settings|allusers\application Data\Defender1.exe.exe

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33

Run by Administrator at 19:22:29 on 2012-06-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.661 [GMT -7:00]

.

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2012_06_22_16_41.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\7586332.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3454357\7586332.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = "c:\docume~1\frances\desktop\outloo~1\msimn.exe"

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [frxmxins] frxmxins

mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\administrator\local settings\temp\_uninst_.bat

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.clarkcolor.com/ClarkActivia.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aon.webex.com/client/T25L10NSP41EP7/webex/ieatgpc.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ucmmjbyv.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]

S2 FGLRXUtil;FGLRXUTIL;c:\windows\system32\frxhser.exe [2005-1-16 53248]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-14 654408]

S2 PPPoEService;PPPoE Service;c:\progra~1\nts\entern~1\app\pppoeservice.exe --> c:\progra~1\nts\entern~1\app\pppoeservice.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-29 257696]

S3 atifglrx;atifglrx;c:\windows\system32\drivers\fglrxm.sys [2005-1-16 417061]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-14 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-29 129976]

.

=============== Created Last 30 ================

.

2012-06-22 15:01:03 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-22 15:01:03 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-20 13:51:06 518144 ----a-w- c:\windows\SWREG.exe

2012-06-20 13:51:06 256000 ----a-w- c:\windows\PEV.exe

2012-06-20 13:51:06 208896 ----a-w- c:\windows\MBR.exe

2012-06-20 13:51:05 98816 ----a-w- c:\windows\sed.exe

2012-06-20 05:15:19 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-20 04:52:34 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-16 14:29:31 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-06-16 14:29:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-06-16 14:29:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-06-16 14:29:29 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-06-13 02:25:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-13 02:25:34 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-30 01:58:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-29 14:49:32 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

==================== Find3M ====================

.

2012-06-13 02:25:02 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-30 02:01:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:24:04.90 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/16/2005 12:43:54 PM

System Uptime: 6/22/2012 8:24:00 AM (11 hours ago)

.

Motherboard: Dell Computer Corp. | |

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2784/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 31.033 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 699 GiB total, 637.908 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP289: 3/25/2012 5:25:38 AM - System Checkpoint

RP290: 3/26/2012 8:12:52 AM - System Checkpoint

RP291: 3/27/2012 1:22:24 PM - System Checkpoint

RP292: 3/28/2012 1:50:02 PM - System Checkpoint

RP293: 3/29/2012 2:26:38 PM - System Checkpoint

RP294: 3/30/2012 2:42:12 PM - System Checkpoint

RP295: 3/31/2012 3:26:35 PM - System Checkpoint

RP296: 4/1/2012 3:27:39 PM - System Checkpoint

RP297: 4/2/2012 3:53:59 PM - System Checkpoint

RP298: 4/3/2012 3:56:22 PM - System Checkpoint

RP299: 4/4/2012 4:16:52 PM - System Checkpoint

RP300: 4/5/2012 4:22:39 PM - System Checkpoint

RP301: 4/6/2012 5:20:29 PM - System Checkpoint

RP302: 4/7/2012 5:41:34 PM - System Checkpoint

RP303: 4/8/2012 5:56:07 PM - System Checkpoint

RP304: 4/9/2012 6:08:07 PM - System Checkpoint

RP305: 4/10/2012 6:42:55 PM - System Checkpoint

RP306: 4/11/2012 8:50:12 AM - Software Distribution Service 3.0

RP307: 4/12/2012 10:01:33 AM - System Checkpoint

RP308: 4/13/2012 10:48:15 AM - System Checkpoint

RP309: 4/14/2012 8:25:44 PM - System Checkpoint

RP310: 4/15/2012 9:42:50 PM - System Checkpoint

RP311: 4/16/2012 9:47:08 PM - System Checkpoint

RP312: 4/17/2012 10:47:09 PM - System Checkpoint

RP313: 4/18/2012 11:11:20 PM - System Checkpoint

RP314: 4/19/2012 1:15:01 PM - Installed QuickTime

RP315: 4/20/2012 1:24:07 PM - System Checkpoint

RP316: 4/21/2012 2:23:56 PM - System Checkpoint

RP317: 4/22/2012 3:25:00 PM - System Checkpoint

RP318: 4/23/2012 4:23:55 PM - System Checkpoint

RP319: 4/24/2012 5:20:14 PM - System Checkpoint

RP320: 4/25/2012 6:30:50 PM - System Checkpoint

RP321: 4/26/2012 7:21:19 PM - System Checkpoint

RP322: 4/27/2012 7:43:38 PM - System Checkpoint

RP323: 4/28/2012 8:37:59 PM - System Checkpoint

RP324: 4/29/2012 9:37:58 PM - System Checkpoint

RP325: 4/30/2012 10:07:20 PM - System Checkpoint

RP326: 5/1/2012 10:36:38 PM - System Checkpoint

RP327: 5/2/2012 10:59:15 PM - System Checkpoint

RP328: 5/3/2012 11:59:14 PM - System Checkpoint

RP329: 5/5/2012 12:59:19 AM - System Checkpoint

RP330: 5/6/2012 1:59:15 AM - System Checkpoint

RP331: 5/7/2012 2:50:19 AM - System Checkpoint

RP332: 5/8/2012 3:50:18 AM - System Checkpoint

RP333: 5/9/2012 4:50:20 AM - System Checkpoint

RP334: 5/10/2012 8:57:12 AM - System Checkpoint

RP335: 5/10/2012 1:13:35 PM - Software Distribution Service 3.0

RP336: 5/11/2012 1:30:29 PM - System Checkpoint

RP337: 5/12/2012 1:52:39 PM - System Checkpoint

RP338: 5/13/2012 2:40:36 PM - System Checkpoint

RP339: 5/14/2012 3:15:29 PM - System Checkpoint

RP340: 5/15/2012 3:43:46 PM - System Checkpoint

RP341: 5/16/2012 4:42:09 PM - System Checkpoint

RP342: 5/17/2012 5:30:11 PM - System Checkpoint

RP343: 5/18/2012 5:43:41 PM - System Checkpoint

RP344: 5/19/2012 6:30:10 PM - System Checkpoint

RP345: 5/20/2012 7:30:08 PM - System Checkpoint

RP346: 5/21/2012 8:07:08 PM - System Checkpoint

RP347: 5/22/2012 8:42:21 PM - System Checkpoint

RP348: 5/23/2012 8:42:41 PM - System Checkpoint

RP349: 5/24/2012 8:43:48 PM - System Checkpoint

RP350: 5/25/2012 9:20:43 PM - System Checkpoint

RP351: 5/26/2012 10:20:45 PM - System Checkpoint

RP352: 5/27/2012 11:20:44 PM - System Checkpoint

RP353: 5/28/2012 11:27:32 PM - System Checkpoint

RP354: 5/29/2012 11:40:20 PM - System Checkpoint

RP355: 5/30/2012 11:58:35 PM - System Checkpoint

RP356: 6/1/2012 12:58:36 AM - System Checkpoint

RP357: 6/2/2012 6:56:36 AM - System Checkpoint

RP358: 6/3/2012 7:54:39 AM - System Checkpoint

RP359: 6/4/2012 7:50:42 PM - System Checkpoint

RP360: 6/5/2012 8:50:30 PM - System Checkpoint

RP361: 6/6/2012 9:38:21 PM - System Checkpoint

RP362: 6/7/2012 10:38:20 PM - System Checkpoint

RP363: 6/8/2012 10:59:34 PM - System Checkpoint

RP364: 6/9/2012 11:57:51 PM - System Checkpoint

RP365: 6/11/2012 12:05:40 AM - System Checkpoint

RP366: 6/12/2012 12:12:42 AM - System Checkpoint

RP367: 6/12/2012 7:24:08 PM - Removed Java 6 Update 26

RP368: 6/12/2012 7:24:49 PM - Installed Java 6 Update 33

RP369: 6/13/2012 8:11:58 PM - Software Distribution Service 3.0

RP370: 6/14/2012 8:23:23 PM - System Checkpoint

RP371: 6/15/2012 9:07:50 PM - System Checkpoint

RP372: 6/16/2012 9:37:07 PM - System Checkpoint

RP373: 6/17/2012 10:21:14 PM - System Checkpoint

RP374: 6/18/2012 10:35:53 PM - System Checkpoint

RP375: 6/19/2012 10:15:38 PM - Software Distribution Service 3.0

RP376: 6/20/2012 7:26:11 AM - Removed Skype™ 5.8

RP377: 6/21/2012 10:07:24 AM - System Checkpoint

.

==== Installed Programs ======================

.

2Wire Wireless Client

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

AT&T Yahoo! High Speed Internet Home Networking Installer

ATI - Software Uninstall Utility

ATI Display Driver

Canon iP2600 series

Canon iP2600 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

Critical Update for Windows Media Player 11 (KB959772)

Dell ResourceCD

Drive Manager

ESET Online Scanner v3

ESET Smart Security

GoToAssist Corporate

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PRO Ethernet Adapter and Software

iTunes

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Excel 97

Microsoft IntelliPoint 7.1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 97

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 6 Service Pack 2 (KB954459)

Norton SystemWorks

Picture Package Music Transfer

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Sony Picture Utility

SpywareBlaster 4.6

Symantec Technical Support Web Controls

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebEx

WebFldrs XP

Windows 7 Upgrade Advisor

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

6/22/2012 8:26:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/22/2012 8:26:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

6/22/2012 8:26:01 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

6/22/2012 8:26:01 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/22/2012 8:26:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/22/2012 8:26:01 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

6/22/2012 8:25:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/22/2012 8:25:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/22/2012 7:53:52 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

6/22/2012 11:59:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/20/2012 8:06:48 AM, error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/20/2012 8:06:48 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

6/19/2012 9:46:16 AM, error: Print [6161] - The document http://msn.careerbuilder.com/Article/MSN-2870-Interviewing-The- owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 115608. Number of bytes printed: 115440. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/19/2012 9:44:44 AM, error: Print [6161] - The document http://msn.careerbuilder.com/Article/MSN-2870-Interviewing-The- owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 115440. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/19/2012 9:00:46 PM, error: Print [6161] - The document https://hrjobs.travelers.com/psc/PSHR110/EMPLOYEE/HRMS/c/HRS_HR owned by Frances failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 39100. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\JIM2-88XVZV9YF. Win32 error code returned by the print processor: 0 (0x0).

6/19/2012 11:41:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASDIFSV SASKUTIL

6/19/2012 11:41:15 AM, error: Service Control Manager [7000] - The iPodService service failed to start due to the following error: %1 is not a valid Win32 application.

6/19/2012 11:41:14 AM, error: DCOM [10005] - DCOM got error "%193" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

6/19/2012 11:41:07 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

6/19/2012 11:41:07 AM, error: Service Control Manager [7000] - The PPPoE Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

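As an added example (not part of the thread, and not code from DDS or Malwarebytes), here is a small Python triage script for the DDS "SERVICES / DRIVERS" and "Event Viewer" sections posted above: it flags entries whose binary DDS could not read (marked `[?]`), drivers that load from a temp directory, and services the Service Control Manager reported as failing to load in event 7026. The sample lines are copied from the log above; the reason labels (`missing`, `temp_path`, `failed_to_load`) are my own.

```python
"""Triage helper for the DDS 'SERVICES / DRIVERS' and 'Event Viewer' sections.
Added example, not part of the thread or of the DDS tool: it flags
non-Microsoft services/drivers whose binary DDS could not read ([?]), that
load from a temp directory, or that the Service Control Manager reported as
failing to load (event 7026)."""
import re
from dataclasses import dataclass
from typing import Optional

# DDS service line: "<S|R><start> name;display;path [date size]" or
# "... path --> path [?]" when the file's timestamp/size could not be read.
SERVICE_RE = re.compile(
    r"^(?P<state>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# SCM event 7026 lists the drivers that failed at boot, separated by spaces.
EVENT_7026_RE = re.compile(r"\[7026\].*?failed to load:\s*(?P<names>.+?)\s*$")


@dataclass
class Service:
    state: str
    name: str
    display: str
    path: str
    resolved: Optional[str]
    meta: str


def parse_services(log_text: str) -> list[Service]:
    """Return every line of the log that matches the DDS service layout."""
    out = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(**m.groupdict()))
    return out


def failed_drivers(log_text: str) -> set[str]:
    """Union of driver names from all event 7026 lines, lower-cased."""
    names: set[str] = set()
    for line in log_text.splitlines():
        m = EVENT_7026_RE.search(line)
        if m:
            names.update(n.lower() for n in m.group("names").split())
    return names


def is_temp_path(path: str) -> bool:
    """True for binaries under a Windows temp directory (8.3 forms included)."""
    return "\\temp\\" in path.lower()


def triage(log_text: str) -> tuple[dict[str, list[str]], list[str]]:
    """Map service name -> reasons it deserves a look, plus the failed drivers
    that DDS did not list at all (DDS omits core Microsoft drivers)."""
    services = parse_services(log_text)
    failed = failed_drivers(log_text)
    findings: dict[str, list[str]] = {}
    for svc in services:
        reasons = []
        if svc.meta.strip() == "?":
            reasons.append("missing")        # DDS could not read the binary
        if is_temp_path(svc.path) or is_temp_path(svc.resolved or ""):
            reasons.append("temp_path")      # drivers should not live in %TEMP%
        if svc.name.lower() in failed:
            reasons.append("failed_to_load")
        if reasons:
            findings[svc.name] = reasons
    listed = {s.name.lower() for s in services}
    unlisted = sorted(n for n in failed if n not in listed)
    return findings, unlisted


# Constructed sample: a subset of the lines from the DDS log in this thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\frances\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\frances\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
S2 PPPoEService;PPPoE Service;c:\progra~1\nts\entern~1\app\pppoeservice.exe --> c:\progra~1\nts\entern~1\app\pppoeservice.exe [?]
.
==== Event Viewer Messages From Past Week ========
.
6/22/2012 8:26:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
6/19/2012 11:41:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASDIFSV SASKUTIL
"""

if __name__ == "__main__":
    found, core = triage(SAMPLE_DDS)
    for name, reasons in found.items():
        print(f"{name:14} {', '.join(reasons)}")
    print("failed core drivers not listed by DDS:", " ".join(core))
```

Entries with only `missing` are usually stale registrations left behind by uninstalled tools; an entry like ehdrv (binary present, start type S1, yet reported in 7026) is the kind a helper would look at more closely.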

Let me now explain how to proceed, because obviously I was not clear enough: your system is infected, and it is susceptible to becoming infected again, as you already discovered yourself. You should not use this computer for any other important activities except what we're doing here. You are logged in to your mailbox and your password has been compromised; change it immediately from a clean PC. It is also important to change absolutely all passwords that have been typed on this infected computer.

Now:

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Delete your current ComboFix copy, download a new fresh one and re-run it. Post the log file in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ComboFix log


Maniac,

I backed up all the data on the infected computer yesterday to an external drive. I'm still running in Safe Mode with Networking in order to use these tools. I had some trouble disabling ESET, as the icon is gone. I launched the scanner from the program file and ended it in the Task Manager. If it spoiled the ComboFix log, let me know what to do and I'll do it again.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: JIM2-88XVZV9YF [administrator]

Protection: Disabled

6/24/2012 7:06:36 AM

mbam-log-2012-06-24 (07-06-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213958

Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-06-23.06 - Administrator 06/24/2012 7:30.3.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\dllcache\wmpvis.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))

.

.

2012-06-22 15:01 . 2012-06-22 15:01 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-22 15:01 . 2012-06-22 15:01 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-22 14:54 . 2012-06-22 15:00 -------- d-----w- c:\windows\LastGood

2012-06-20 05:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-20 04:52 . 2012-06-20 05:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-16 14:29 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-06-16 14:29 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-06-16 14:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-06-16 14:29 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-06-13 02:25 . 2012-06-13 02:25 -------- d-----w- c:\program files\Common Files\Java

2012-06-13 02:25 . 2012-06-13 02:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-13 02:25 . 2012-06-13 02:25 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-30 01:58 . 2012-05-30 02:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-29 14:49 . 2012-05-29 14:49 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 02:25 . 2011-01-16 17:12 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-02 22:19 . 2007-06-07 22:42 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-06-07 22:42 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2005-01-17 22:26 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2005-01-17 22:26 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2005-01-17 22:26 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-06-07 22:42 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2005-05-26 11:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2005-01-17 22:26 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2005-01-16 20:38 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2002-09-03 19:34 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-06-07 22:42 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2005-01-17 22:26 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2005-01-16 20:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2010-02-27 15:47 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2010-02-27 15:47 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2010-02-27 15:47 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2008-09-13 14:58 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-30 02:01 . 2011-07-16 17:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-16 15:08 . 2004-08-24 03:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2008-09-13 14:57 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2002-09-03 19:42 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2002-09-03 19:40 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-09-13 15:00 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:12 . 2008-09-13 14:57 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-09-13 14:57 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2008-09-13 14:57 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 22:56 . 2011-05-15 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 15:01 . 2012-05-29 14:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-20_14.04.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-22 07:44 . 2012-06-02 22:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll

+ 2012-06-22 07:44 . 2012-06-02 22:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll

+ 2005-01-17 22:26 . 2012-06-02 22:19 35864 c:\windows\system32\dllcache\wups.dll

+ 2005-01-16 20:38 . 2012-06-02 22:19 53784 c:\windows\system32\dllcache\wuauclt.exe

+ 2002-09-03 19:34 . 2012-06-02 22:19 97304 c:\windows\system32\dllcache\cdm.dll

+ 2005-01-17 22:26 . 2012-06-02 22:19 210968 c:\windows\system32\dllcache\wuweb.dll

+ 2005-01-17 22:26 . 2012-06-02 22:19 329240 c:\windows\system32\dllcache\wucltui.dll

+ 2005-01-17 22:26 . 2012-06-02 22:19 577048 c:\windows\system32\dllcache\wuapi.dll

+ 2012-06-22 15:00 . 2012-06-20 04:12 133208 c:\windows\LastGood\system32\DRIVERS\86109906.sys

+ 2012-06-22 14:54 . 2012-06-20 04:12 475736 c:\windows\LastGood\system32\DRIVERS\6801776drv.sys

+ 2012-06-22 14:56 . 2012-06-20 04:12 133208 c:\windows\LastGood\system32\DRIVERS\33722614.sys

+ 2005-01-16 20:38 . 2012-06-02 22:19 1933848 c:\windows\system32\dllcache\wuaueng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"frxmxins"="frxmxins" [X]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

_uninst_.lnk - c:\documents and settings\Administrator\Local Settings\temp\_uninst_.bat [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2011-05-17 02:24 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Frances\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8/12/2010 2:16 PM 810144]

S2 FGLRXUtil;FGLRXUTIL;c:\windows\system32\frxhser.exe [1/16/2005 1:59 PM 53248]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2011 5:50 PM 654408]

S2 PPPoEService;PPPoE Service;c:\progra~1\NTS\ENTERN~1\app\pppoeservice.exe --> c:\progra~1\NTS\ENTERN~1\app\pppoeservice.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/29/2012 6:58 PM 257696]

S3 atifglrx;atifglrx;c:\windows\system32\drivers\fglrxm.sys [1/16/2005 1:59 PM 417061]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2011 5:50 PM 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/29/2012 7:49 AM 129976]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 02:01]

.

2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\docume~1\Frances\Desktop\OUTLOO~1\msimn.exe"

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ucmmjbyv.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-24 07:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1935655697-1078081533-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,7d,06,fc,07,f2,c7,43,b4,cd,9f,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,7d,06,fc,07,f2,c7,43,b4,cd,9f,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(816)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll

.

Completion time: 2012-06-24 07:37:36

ComboFix-quarantined-files.txt 2012-06-24 14:37

ComboFix2.txt 2012-06-20 14:07

.

Pre-Run: 33,666,752,512 bytes free

Post-Run: 33,780,744,192 bytes free

.

- - End Of File - - D48CBCFC5150DE7ADEAB7EA5014C543C


Use Normal mode and:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



I realized that there was a ComboFix still installed in a different place, after I sent you the last CF log. If you want me to delete both and rerun it, let me know. Here's the new Avast log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-24 08:53:30

-----------------------------

08:53:30.219 OS Version: Windows 5.1.2600 Service Pack 3

08:53:30.219 Number of processors: 1 586 0x207

08:53:30.219 ComputerName: JIM2-88XVZV9YF UserName: Frances

08:53:31.360 Initialize success

08:58:26.141 AVAST engine defs: 12062400

09:00:13.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

09:00:13.876 Disk 0 Vendor: ST380021A 3.75 Size: 76319MB BusType: 3

09:00:13.891 Disk 0 MBR read successfully

09:00:13.891 Disk 0 MBR scan

09:00:13.954 Disk 0 Windows XP default MBR code

09:00:13.969 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63

09:00:13.985 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76277 MB offset 64260

09:00:13.985 Disk 0 scanning sectors +156280320

09:00:14.063 Disk 0 scanning C:\WINDOWS\system32\drivers

09:00:40.048 Service scanning

09:01:03.235 Modules scanning

09:01:12.094 Disk 0 trace - called modules:

09:01:12.126 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS

09:01:12.641 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87390ab8]

09:01:12.641 3 CLASSPNP.SYS[f7821fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x873a8d98]

09:01:13.704 AVAST engine scan C:\WINDOWS

09:01:52.673 AVAST engine scan C:\WINDOWS\system32

09:05:21.907 AVAST engine scan C:\WINDOWS\system32\drivers

09:05:44.438 AVAST engine scan C:\Documents and Settings\Frances

09:47:15.126 AVAST engine scan C:\Documents and Settings\All Users

09:48:26.813 Scan finished successfully

09:50:30.126 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Frances\Desktop\MBR.dat"

09:50:30.126 The log file has been saved successfully to "C:\Documents and Settings\Frances\Desktop\aswMBR.txt"

This topic is now closed to further replies.
