
Getting Malwarebytes "needs to close" error with v1.70.0.1100 in Windows XP



I posted the following in the general Malwarebytes Anti-Malware forum yesterday (with the same topic title as above):

Hi,

Running Windows XP, long-time Malwarebytes user (free version), never had any problems. It just updated to 1.70.0.1100 and now it won't complete the scans. When running a quick scan, whenever it gets to "windows/system/mciavi" in the scanning process, I get the message "Malwarebytes has encountered an error and needs to close" and it then prompts me on whether or not I want to send an error report.

I've tried mbam clean and reinstalled several times. No joy.

Please advise further. Thanks!

*****

Moderator AdvancedSetup responded and instructed me to create the mbam-check log and the DDS scan.

After pasting the results of those scans in my reply, he responded as follows:

The computer appears to possibly be infected.

Please follow the advice from here: Available Assistance for Possibly Infected Computers and someone will assist you with this further.

Please review the DDS scan results below and advise me on how to proceed.

Thanks!

Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37

Run by Steve at 18:13:40 on 2013-01-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1513 [GMT -5:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Easy Dock] c:\documents and settings\steve\my documents\rca easyrip\EZDock.exe

uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Easy Dock] <no file>

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\rlolerzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [2012-3-9 90240]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2012-3-12 31104]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2012-3-8 71961]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-24 6016]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-3-9 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-15 40776]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-24 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-24 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-24 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-3-24 11008]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-3-16 389120]

S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

.

=============== Created Last 30 ================

.

2013-01-15 22:28:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-15 02:06:55 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2013-01-15 02:06:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-01-15 02:06:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-15 02:06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-22 15:23:06 -------- d-----w- c:\program files\Dropbox

2012-12-18 14:28:14 186584 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-09 17:59:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 17:59:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 18:14:07.01 ===============

Here is the Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/9/2012 8:20:03 AM

System Uptime: 1/15/2013 6:09:22 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | N/A | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 1.579 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® Wireless WiFi Link 4965AGN

Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&29E2C51B&0&00E1

Manufacturer: Intel Corporation

Name: Intel® Wireless WiFi Link 4965AGN

PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&29E2C51B&0&00E1

Service: NETw5x32

.

Class GUID:

Description: Toshiba RFBUS Driver

Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Manufacturer:

Name: Toshiba RFBUS Driver

PNP Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Service:

.

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Windows XP / Windows Server 2003 device driver for the Infineon Trusted Platform Module

Device ID: ACPI\IFX0102\1

Manufacturer: Infineon Technologies AG

Name: Infineon Trusted Platform Module

PNP Device ID: ACPI\IFX0102\1

Service: IFXTPM

.

==== System Restore Points ===================

.

RP226: 10/17/2012 10:07:24 PM - System Checkpoint

RP227: 10/18/2012 11:36:26 AM - Installed Java™ 6 Update 37

RP228: 10/19/2012 4:28:23 PM - System Checkpoint

RP229: 10/20/2012 4:55:24 PM - System Checkpoint

RP230: 10/21/2012 5:55:20 PM - System Checkpoint

RP231: 10/22/2012 6:04:15 PM - System Checkpoint

RP232: 10/23/2012 8:43:44 AM - Installed QuickTime

RP233: 10/24/2012 5:07:09 PM - System Checkpoint

RP234: 10/25/2012 6:02:48 PM - System Checkpoint

RP235: 10/26/2012 6:04:34 PM - System Checkpoint

RP236: 10/27/2012 7:04:33 PM - System Checkpoint

RP237: 10/28/2012 7:39:47 PM - System Checkpoint

RP238: 10/29/2012 8:04:34 PM - System Checkpoint

RP239: 10/30/2012 8:04:51 PM - System Checkpoint

RP240: 10/31/2012 9:04:52 PM - System Checkpoint

RP241: 11/1/2012 10:04:51 PM - System Checkpoint

RP242: 11/2/2012 11:04:52 PM - System Checkpoint

RP243: 11/3/2012 11:04:52 PM - System Checkpoint

RP244: 11/5/2012 12:04:52 AM - System Checkpoint

RP245: 11/6/2012 1:04:52 AM - System Checkpoint

RP246: 11/7/2012 1:39:07 AM - System Checkpoint

RP247: 11/8/2012 1:59:32 AM - System Checkpoint

RP248: 11/9/2012 2:59:33 AM - System Checkpoint

RP249: 11/10/2012 3:59:32 AM - System Checkpoint

RP250: 11/11/2012 8:30:56 AM - System Checkpoint

RP251: 11/12/2012 5:07:31 PM - System Checkpoint

RP252: 11/13/2012 6:10:28 PM - System Checkpoint

RP253: 11/14/2012 6:41:07 PM - System Checkpoint

RP254: 11/14/2012 10:01:20 PM - Installed WModem_Installer

RP255: 11/15/2012 10:41:08 PM - System Checkpoint

RP256: 11/16/2012 10:42:13 PM - System Checkpoint

RP257: 11/17/2012 11:41:07 PM - System Checkpoint

RP258: 11/19/2012 12:41:07 AM - System Checkpoint

RP259: 11/20/2012 1:04:25 AM - System Checkpoint

RP260: 11/21/2012 1:04:49 AM - System Checkpoint

RP261: 11/22/2012 2:04:49 AM - System Checkpoint

RP262: 11/23/2012 3:04:50 AM - System Checkpoint

RP263: 11/24/2012 4:04:50 AM - System Checkpoint

RP264: 11/25/2012 5:04:49 AM - System Checkpoint

RP265: 11/26/2012 6:04:50 AM - System Checkpoint

RP266: 11/27/2012 3:07:50 PM - System Checkpoint

RP267: 11/28/2012 5:11:11 PM - System Checkpoint

RP268: 11/29/2012 5:25:11 PM - System Checkpoint

RP269: 11/30/2012 6:20:03 PM - System Checkpoint

RP270: 12/1/2012 7:18:57 PM - System Checkpoint

RP271: 12/2/2012 8:18:58 PM - System Checkpoint

RP272: 12/3/2012 8:36:47 PM - System Checkpoint

RP273: 12/4/2012 9:22:32 PM - System Checkpoint

RP274: 12/5/2012 10:22:31 PM - System Checkpoint

RP275: 12/6/2012 10:47:38 PM - System Checkpoint

RP276: 12/7/2012 11:47:02 PM - System Checkpoint

RP277: 12/9/2012 12:47:02 AM - System Checkpoint

RP278: 12/10/2012 12:53:02 AM - System Checkpoint

RP279: 12/10/2012 1:46:30 PM - Removed Claro Chrome Toolbar

RP280: 12/11/2012 6:04:24 AM - Restore Operation

RP281: 12/11/2012 9:27:42 AM - Restore Operation

RP282: 12/12/2012 5:19:26 PM - System Checkpoint

RP283: 12/13/2012 6:18:27 PM - System Checkpoint

RP284: 12/14/2012 7:14:00 PM - System Checkpoint

RP285: 12/15/2012 7:41:41 PM - System Checkpoint

RP286: 12/16/2012 8:09:05 PM - System Checkpoint

RP287: 12/17/2012 8:14:49 PM - System Checkpoint

RP288: 12/18/2012 8:15:03 PM - System Checkpoint

RP289: 12/19/2012 8:26:27 PM - System Checkpoint

RP290: 12/20/2012 9:26:27 PM - System Checkpoint

RP291: 12/21/2012 10:05:52 PM - System Checkpoint

RP292: 12/22/2012 10:24:14 PM - System Checkpoint

RP293: 12/23/2012 11:24:13 PM - System Checkpoint

RP294: 12/24/2012 11:48:22 PM - System Checkpoint

RP295: 12/26/2012 12:48:21 AM - System Checkpoint

RP296: 12/27/2012 1:48:21 AM - System Checkpoint

RP297: 12/28/2012 1:55:02 AM - System Checkpoint

RP298: 12/29/2012 2:27:36 AM - System Checkpoint

RP299: 12/30/2012 3:24:26 AM - System Checkpoint

RP300: 12/31/2012 4:00:46 AM - System Checkpoint

RP301: 1/1/2013 4:48:02 AM - System Checkpoint

RP302: 1/2/2013 5:08:12 AM - System Checkpoint

RP303: 1/3/2013 6:08:11 AM - System Checkpoint

RP304: 1/4/2013 6:37:10 AM - System Checkpoint

RP305: 1/5/2013 7:16:12 AM - System Checkpoint

RP306: 1/6/2013 7:55:12 AM - System Checkpoint

RP307: 1/7/2013 11:27:30 AM - System Checkpoint

RP308: 1/8/2013 5:03:53 PM - System Checkpoint

RP309: 1/9/2013 5:32:23 PM - System Checkpoint

RP310: 1/10/2013 6:21:26 PM - System Checkpoint

RP311: 1/11/2013 7:16:27 PM - System Checkpoint

RP312: 1/12/2013 7:55:08 PM - System Checkpoint

RP313: 1/13/2013 8:08:25 PM - System Checkpoint

RP314: 1/15/2013 10:11:33 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

aioscnnr

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BitTorrent

Bonjour

C4USelfUpdater

calibre

CCleaner

CDisplayEx 1.8

center

Dropbox

essentials

FLAC 1.2.1b (remove only)

Free M4a to MP3 Converter 7.1

Google Chrome

Google Talk Plugin

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

IrfanView (remove only)

iTunes

Java Auto Updater

Java™ 6 Update 37

Kodak AIO Printer

KODAK AiO Software

ksDIP

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

mIRC

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.4.0

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 6.0 Parser

ocr

PreReq

QuickTime

RCA Detective™ 3.0.3.0

RCA easyRip 2.5.7.0

RCA Updater 2.1.7.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Setting Utility Series

SigmaTel Audio

Skype Click to Call

Skype™ 5.10

Soft Data Fax Modem with SmartCP

Sony Utilities DLL

Sony Video Shared Library

Sony Visual Communication Camera VGP-VCC7 Ver.6.3000.210.0

Spybot - Search & Destroy

StreamTorrent 1.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

VAIO Camera Capture Utility

VAIO Camera Utility

VAIO Event Service

VAIO Power Management

VLC media player 2.0.1

WBFS Manager 3.0

WBFS to ISO

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Driver Package - Alps (ApfiltrService) Mouse (05/25/2007 5.3.512.7)

Windows Driver Package - CXT (winachsf) Modem (07/11/2006 7.50.00.00)

Windows Driver Package - Intel Corporation (ialm) Display (06/22/2007 6.14.10.4847)

Windows Driver Package - Marvell (yukonwxp) Net (05/03/2007 10.14.6.3)

Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2)

Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)

WinRAR 4.20 (32-bit)

WModem Driver Installer

.

==== Event Viewer Messages From Past Week ========

.

1/15/2013 5:55:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/13/2013 11:15:24 AM, error: yukonwxp [101] - Driver has encountered an internal error

1/13/2013 11:14:59 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A8063E391. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

1/13/2013 11:14:13 AM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.DOCK) disappeared from the system without first being prepared for removal.

1/13/2013 11:14:04 AM, error: yukonwxp [106] - Adapter hardware initialization failed

1/10/2013 6:51:01 PM, error: IFXTPM [3] - IFXTPM: Device driver could not be started - c000009c

1/10/2013 12:10:10 PM, error: PlugPlayManager [12] - The device 'Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller' (PCI\VEN_11AB&DEV_4362&SUBSYS_81FE104D&REV_23\4&1b09a299&0&00E3) disappeared from the system without first being prepared for removal.

.

==== End Of File ===========================

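For anyone reading the DDS output above by hand, here is an added example (not part of DDS, Malwarebytes, or any post in this thread) that applies three of the checks a helper makes on the Pseudo HJT Report: autostart entries whose target sits under a user-writable profile path, orphaned entries that point at <no file>, and the same value name registered under both HKCU (uRun) and HKLM (mRun). The sample lines are copied from the log above; the user-writable prefix list and the flag names are this example's own assumptions, and a flag is a prompt to look closer, not a verdict (per-user updaters such as Google Update legitimately live under the profile).

```python
"""Triage helper for DDS 'Pseudo HJT Report' autostart lines.

Added example for this thread, not DDS, Malwarebytes or a poster's code.
SAMPLE is copied from the DDS log in the thread; the USER_WRITABLE prefix
list and the flag wording are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the DDS.txt posted in the thread (sample input).
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Easy Dock] c:\documents and settings\steve\my documents\rca easyrip\EZDock.exe
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Easy Dock] <no file>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
"""

# uRun = HKCU\...\Run, mRun = HKLM\...\Run in DDS notation.
RUN_RE = re.compile(r'^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$')
# First drive-letter path ending in an executable extension; quotes and the
# ",EntryPoint" suffix used by rundll32 are excluded from the match.
PATH_RE = re.compile(r'([a-z]:\\[^",]+?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js))', re.I)

# Assumption of this example: prefixes a standard user can write to on XP/Vista+.
USER_WRITABLE = ('c:\\documents and settings\\', 'c:\\users\\')


@dataclass
class Entry:
    kind: str              # 'HKCU Run', 'HKLM Run' or 'BHO'
    name: str
    command: str
    path: Optional[str]    # lower-cased image path, or None if not parseable
    flags: List[str] = field(default_factory=list)


def extract_path(command: str) -> Optional[str]:
    m = PATH_RE.search(command)
    return m.group(1).lower() if m else None


def parse_autostarts(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            kind = 'HKCU Run' if m['scope'] == 'u' else 'HKLM Run'
            entries.append(Entry(kind, m['name'], m['cmd'], extract_path(m['cmd'])))
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry('BHO', m['name'], m['path'], extract_path(m['path'])))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach flags to entries and return only the flagged ones."""
    kinds_by_name = {}
    for e in entries:
        kinds_by_name.setdefault(e.name.lower(), set()).add(e.kind)
    for e in entries:
        if e.command.strip() == '<no file>':
            e.flags.append('orphan')            # value exists, target is gone
        elif e.path is None:
            e.flags.append('unparsed')          # look at it manually
        elif e.path.startswith(USER_WRITABLE):
            e.flags.append('user-writable path')
        if {'HKCU Run', 'HKLM Run'} <= kinds_by_name[e.name.lower()]:
            e.flags.append('same name in HKCU and HKLM')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in triage(parse_autostarts(SAMPLE)):
        print(f"{e.kind:8} [{e.name}] {e.path or e.command}: {', '.join(e.flags)}")
```

On the posted log this reports both Easy Dock values (one orphaned under HKLM, one running from My Documents) and Google Update, while ctfmon, Conime and the NvCpl rundll32 entry pass; that matches what the helpers concluded, since the ESET hits were in Downloads rather than in any autostart.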

Hello sgbrown68! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: BitTorrent

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • ESET Online Scanner log
  • Farbar Service Scanner log
  • a new fresh DDS log


OK, a few things:

Earlier this morning, Windows wouldn't fully load. It got to where it would load up to the desktop, but the desktop wouldn't fully load (no Start button, no icons on the desktop, no taskbar, just the wallpaper). I could get Task Manager to run, and ran chkdsk from the "Run" prompt in Task Manager; it found several problems, but on reboot it did the same thing: got the wallpaper but nothing else. I rebooted in safe mode and was able to run System Restore, which worked, and it booted up as normal. In the other thread on this forum (http://forums.malwarebytes.org/index.php?showtopic=121032&hl=&fromsearch=1) one of the mods mentioned that my hard drive was almost full and that that might be causing problems with programs running properly. So I cleared some space and worked on the computer all day long with no problems. After work, I ran mbam-clean and reinstalled Malwarebytes. I ran both a quick scan and a full scan. Both scans completed and found no threats.

I then began doing as you instructed above: removed BitTorrent, ran the ESET scan (it found 2 infected files), the Farbar scan and the DDS. The results are all pasted below.

Please advise me on how to proceed next.

Again, many thanks for your assistance.

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=424daba597ff2b46a958a63bd8f59bb5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-16 10:26:13

# local_time=2013-01-16 05:26:13 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=40403

# found=2

# cleaned=2

# scan_time=1147

C:\Documents and Settings\Steve\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 2503638237A9469DCB691D06A5701C55C66644D3 C

C:\Documents and Settings\Steve\My Documents\Downloads\MIRCSDM.exe a variant of Win32/SweetIM.C application (cleaned by deleting - quarantined) C798A07E7128C5421D5A594F59D10CB48647243D C

FSS:

Farbar Service Scanner Version: 16-01-2013

Ran by Steve (administrator) on 16-01-2013 at 17:04:57

Running from "C:\Documents and Settings\Steve\My Documents\Downloads"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys

[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll

[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll

[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll

[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe

[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x0700000004000000010000000200000003000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37

Run by Steve at 17:28:32 on 2013-01-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1212 [GMT -5:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Steve\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Easy Dock] c:\documents and settings\steve\my documents\rca easyrip\EZDock.exe

uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Easy Dock] <no file>

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\steve\application data\dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6CFE73E1-0CF0-4A0A-B0F7-922B4E11A734} : DHCPNameServer = 65.32.5.111 65.32.5.112

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\rlolerzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(3).dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [2012-3-9 90240]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2012-3-12 31104]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2012-3-8 71961]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-24 6016]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-3-9 36608]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-24 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-24 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-24 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-3-24 11008]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-3-16 389120]

S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

.

=============== Created Last 30 ================

.

2013-01-16 22:03:16 -------- d-----w- c:\program files\ESET

2013-01-16 21:18:51 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2013-01-16 21:18:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-01-16 21:18:40 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-16 21:18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-16 11:53:10 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-01-16 11:53:10 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-16 02:36:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(3)

2013-01-16 02:36:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes(3)

2013-01-15 23:30:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)

2013-01-15 23:30:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes(2)

2012-12-22 15:23:06 -------- d-----w- c:\program files\Dropbox

2012-12-18 14:28:14 186584 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-16 11:59:49 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-16 11:59:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 17:33:43.42 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/9/2012 8:20:03 AM

System Uptime: 1/16/2013 4:15:18 PM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz | N/A | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 32.707 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Toshiba RFBUS Driver

Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Manufacturer:

Name: Toshiba RFBUS Driver

PNP Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Service:

.

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Windows XP / Windows Server 2003 device driver for the Infineon Trusted Platform Module

Device ID: ACPI\IFX0102\1

Manufacturer: Infineon Technologies AG

Name: Infineon Trusted Platform Module

PNP Device ID: ACPI\IFX0102\1

Service: IFXTPM

.

==== System Restore Points ===================

.

RP293: 12/23/2012 11:24:13 PM - System Checkpoint

RP294: 12/24/2012 11:48:22 PM - System Checkpoint

RP295: 12/26/2012 12:48:21 AM - System Checkpoint

RP296: 12/27/2012 1:48:21 AM - System Checkpoint

RP297: 12/28/2012 1:55:02 AM - System Checkpoint

RP298: 12/29/2012 2:27:36 AM - System Checkpoint

RP299: 12/30/2012 3:24:26 AM - System Checkpoint

RP300: 12/31/2012 4:00:46 AM - System Checkpoint

RP301: 1/1/2013 4:48:02 AM - System Checkpoint

RP302: 1/2/2013 5:08:12 AM - System Checkpoint

RP303: 1/3/2013 6:08:11 AM - System Checkpoint

RP304: 1/4/2013 6:37:10 AM - System Checkpoint

RP305: 1/5/2013 7:16:12 AM - System Checkpoint

RP306: 1/6/2013 7:55:12 AM - System Checkpoint

RP307: 1/7/2013 11:27:30 AM - System Checkpoint

RP308: 1/8/2013 5:03:53 PM - System Checkpoint

RP309: 1/9/2013 5:32:23 PM - System Checkpoint

RP310: 1/10/2013 6:21:26 PM - System Checkpoint

RP311: 1/11/2013 7:16:27 PM - System Checkpoint

RP312: 1/12/2013 7:55:08 PM - System Checkpoint

RP313: 1/13/2013 8:08:25 PM - System Checkpoint

RP314: 1/15/2013 10:11:33 AM - System Checkpoint

RP315: 1/15/2013 9:36:07 PM - Restore Operation

RP316: 1/16/2013 6:20:17 AM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

aioscnnr

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

C4USelfUpdater

calibre

CCleaner

CDisplayEx 1.8

center

Dropbox

ESET Online Scanner v3

essentials

FLAC 1.2.1b (remove only)

Free M4a to MP3 Converter 7.1

Google Chrome

Google Talk Plugin

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 37

Kodak AIO Printer

KODAK AiO Software

ksDIP

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

mIRC

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.4.0

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 6.0 Parser

ocr

PreReq

QuickTime

RCA Detective™ 3.0.3.0

RCA easyRip 2.5.7.0

RCA Updater 2.1.7.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Setting Utility Series

SigmaTel Audio

Skype Click to Call

Skype™ 5.10

Soft Data Fax Modem with SmartCP

Sony Utilities DLL

Sony Video Shared Library

Sony Visual Communication Camera VGP-VCC7 Ver.6.3000.210.0

Spybot - Search & Destroy

StreamTorrent 1.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

VAIO Camera Capture Utility

VAIO Camera Utility

VAIO Event Service

VAIO Power Management

VLC media player 2.0.1

WBFS Manager 3.0

WBFS to ISO

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Driver Package - Alps (ApfiltrService) Mouse (05/25/2007 5.3.512.7)

Windows Driver Package - CXT (winachsf) Modem (07/11/2006 7.50.00.00)

Windows Driver Package - Intel Corporation (ialm) Display (06/22/2007 6.14.10.4847)

Windows Driver Package - Marvell (yukonwxp) Net (05/03/2007 10.14.6.3)

Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2)

Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)

WinRAR 4.20 (32-bit)

WModem Driver Installer

.

==== Event Viewer Messages From Past Week ========

.

1/15/2013 5:55:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/13/2013 11:15:33 AM, error: yukonwxp [101] - Driver has encountered an internal error

1/13/2013 11:14:59 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A8063E391. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

1/13/2013 11:14:13 AM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.DOCK) disappeared from the system without first being prepared for removal.

1/13/2013 11:14:04 AM, error: yukonwxp [106] - Adapter hardware initialization failed

1/10/2013 6:51:01 PM, error: IFXTPM [3] - IFXTPM: Device driver could not be started - c000009c

1/10/2013 12:10:10 PM, error: PlugPlayManager [12] - The device 'Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller' (PCI\VEN_11AB&DEV_4362&SUBSYS_81FE104D&REV_23\4&1b09a299&0&00E3) disappeared from the system without first being prepared for removal.

.

==== End Of File ===========================

You have several modified system files. That's not good.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix.txt:

ComboFix 13-01-16.01 - Steve 01/16/2013 18:34:42.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1319 [GMT -5:00]

Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Steve\WINDOWS

C:\Documents

C:\Install.exe

c:\windows\system\WINSPOOL.DRV

.

c:\windows\system32\progman.exe . . . is infected!!

.

c:\windows\system32\proquota.exe . . . is infected!!

.

c:\windows\system32\proxycfg.exe . . . is infected!!

.

c:\windows\system32\tftp.exe . . . is infected!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_Skype_C2C_Service

-------\Service_Skype C2C Service

.

.

((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))

.

.

2013-01-16 22:56 . 2013-01-16 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-16 22:03 . 2013-01-16 22:03 -------- d-----w- c:\program files\ESET

2013-01-16 21:18 . 2013-01-16 21:18 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes

2013-01-16 21:18 . 2013-01-16 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-01-16 21:18 . 2013-01-16 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-16 21:18 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-16 11:53 . 2013-01-16 11:53 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-15 22:54 . 2013-01-16 11:39 -------- d-s---w- c:\documents and settings\Administrator

2012-12-22 15:23 . 2012-12-22 15:23 -------- d-----w- c:\program files\Dropbox

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-16 11:59 . 2012-03-30 23:39 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-16 11:59 . 2012-03-09 15:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 20:24 . 2012-12-11 20:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Steve\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Steve\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Steve\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Steve\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Easy Dock"="c:\documents and settings\Steve\My Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 32768]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-06 118784]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 411768]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-09-28 217088]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-06 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-06 137752]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

c:\documents and settings\Steve\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Steve\Application Data\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2007-05-17 08:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Steve\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^RCA Detective.lnk]

path=c:\documents and settings\Steve\Start Menu\Programs\Startup\RCA Detective.lnk

backup=c:\windows\pss\RCA Detective.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]

2013-01-08 00:06 1248360 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-03-09 15:33 136176 ----atw- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"VAIO Event Service"=2 (0x2)

"MotoHelper"=2 (0x2)

"Kodak AiO Network Discovery Service"=2 (0x2)

"SkypeUpdate"=2 (0x2)

"Skype C2C Service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Steve\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Steve\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9322:TCP"= 9322:TCP:EKDiscovery

"5353:UDP"= 5353:UDP:Bonjour Port 5353

.

R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [3/9/2012 9:41 AM 90240]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/12/2012 4:39 PM 31104]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/8/2012 8:03 PM 71961]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [3/24/2012 4:51 PM 6016]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [3/9/2012 8:14 AM 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/16/2013 5:56 PM 40776]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [3/24/2012 4:21 PM 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [3/24/2012 4:21 PM 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [3/24/2012 4:51 PM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [3/24/2012 4:51 PM 11008]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/16/2012 1:00 PM 389120]

S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 4:00 PM 214896]

S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:59]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-1417001333-1003Core.job

- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 15:33]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-1417001333-1003UA.job

- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 15:33]

.

2012-12-19 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2013-01-16 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-12-19 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\rlolerzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Easy Dock - (no file)

MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-16 18:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(2444)

c:\windows\system32\WININET.dll

c:\documents and settings\Steve\Application Data\Dropbox\bin\DropboxExt.17.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\msi.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Apoint\Apntex.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2013-01-16 18:42:53 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-16 23:42

.

Pre-Run: 35,001,241,600 bytes free

Post-Run: 34,910,298,112 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - 527ED0D9647E801E8A5A5C797B4158B9


Please upload the following files one by one to www.virustotal.com:

c:\windows\system32\progman.exe

c:\windows\system32\proquota.exe

c:\windows\system32\proxycfg.exe

c:\windows\system32\tftp.exe

Wait until the scan has finished and copy/paste the URL into your next reply.

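Before uploading anything from a suspect machine it is worth hashing the four files locally and looking the hashes up first: VirusTotal indexes samples by MD5, SHA-1 and SHA-256, and a hit means the file never has to leave the box. The script below is an added example written for this page, not code from the forum or from any of the tools mentioned. It assumes the four system32 paths quoted above and the `https://www.virustotal.com/gui/file/<hash>` lookup scheme VirusTotal uses at the time of writing, and it also reads the compile timestamp out of the PE header as a quick plausibility check against the file dates. `SAMPLE_PE` is a constructed header used only to exercise the parser.

```python
import hashlib
import struct
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List, Optional

# The four files the helper asked to have checked (paths quoted from the post above).
REQUESTED_FILES = [
    r"C:\WINDOWS\system32\progman.exe",
    r"C:\WINDOWS\system32\proquota.exe",
    r"C:\WINDOWS\system32\proxycfg.exe",
    r"C:\WINDOWS\system32\tftp.exe",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a buffer; VirusTotal indexes samples by all three."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed, so a large binary is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def pe_info(data: bytes) -> Optional[Dict[str, object]]:
    """Return machine, section count and COFF TimeDateStamp of a PE image, or None
    if the buffer is not a PE. Layout: e_lfanew at 0x3C in the DOS header; the bytes
    'PE\\0\\0' at e_lfanew; then Machine(2) NumberOfSections(2) TimeDateStamp(4)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"machine": machine, "sections": nsections,
            "timestamp": timestamp, "compiled": compiled}


def vt_lookup_url(digest: str) -> str:
    """VirusTotal lookup by hash (MD5, SHA-1 or SHA-256); nothing is uploaded."""
    return f"https://www.virustotal.com/gui/file/{digest}"


def triage(paths: List[str]) -> List[Dict[str, object]]:
    """Hash each requested file, read its compile timestamp and emit a lookup URL.
    The first 4 KiB is enough for the headers; e_lfanew is normally well below that."""
    rows: List[Dict[str, object]] = []
    for p in map(Path, paths):
        if not p.is_file():
            rows.append({"path": str(p), "missing": True})
            continue
        digests = hash_file(p)
        with p.open("rb") as fh:
            header = fh.read(4096)
        rows.append({"path": str(p), "missing": False, **digests,
                     "pe": pe_info(header), "lookup": vt_lookup_url(digests["sha256"])})
    return rows


# Constructed minimal PE header (not a real binary): MZ stub, e_lfanew = 0x40, then a
# COFF header for i386 with 3 sections and TimeDateStamp 1208131200 (2008-04-14 UTC).
SAMPLE_PE = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<HHI", 0x014C, 3, 1208131200) + b"\0" * 16)

if __name__ == "__main__":
    for row in triage(REQUESTED_FILES):
        print(row)
```

A compile timestamp years newer than the rest of the service pack's files, or a hash with no VirusTotal record at all for a file that claims to be a stock Windows binary, is the kind of mismatch that justifies the upload the helper asked for; a known-good hash lets you skip it.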

So the problem is the first file. It is probably a false positive, but let's give Avira a chance. Please compress the file:

c:\windows\system32\progman.exe

and upload it somewhere, for example to www.mediafire.com. Then send me a download link via PM.

Next:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Below is the most recent ESET log.txt. Just as an FYI, if this does turn out to be a false positive, I'm still having the issue with Malwarebytes not completing the scan, as mentioned in the first post.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=424daba597ff2b46a958a63bd8f59bb5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-16 10:26:13

# local_time=2013-01-16 05:26:13 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=40403

# found=2

# cleaned=2

# scan_time=1147

C:\Documents and Settings\Steve\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 2503638237A9469DCB691D06A5701C55C66644D3 C

C:\Documents and Settings\Steve\My Documents\Downloads\MIRCSDM.exe a variant of Win32/SweetIM.C application (cleaned by deleting - quarantined) C798A07E7128C5421D5A594F59D10CB48647243D C

# version=8

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=424daba597ff2b46a958a63bd8f59bb5

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-17 02:12:45

# local_time=2013-01-17 09:12:45 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=38688

# found=0

# cleaned=0

# scan_time=1198



  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions that may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here, or ask and we'll explain how to do it.


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.


OK, just for the heck of it, I ran Malwarebytes Chameleon. The DOS box popped up and started doing its thing. After a few minutes, I got the "encountered error/needs to close" box. I clicked "Don't send" when it asked if I wanted to send a report. Then Chameleon opened up regular Malwarebytes to do a quick scan. This one completed successfully, so I don't know what that means. At any rate, here's the FSS log:

Farbar Service Scanner Version: 16-01-2013

Ran by Steve (administrator) on 17-01-2013 at 09:53:03

Running from "C:\Documents and Settings\Steve\My Documents\Downloads"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys

[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll

[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll

[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll

[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe

[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x0700000004000000010000000200000003000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****


Farbar Service Scanner Version: 16-01-2013

Ran by Steve (administrator) on 17-01-2013 at 11:30:18

Running from "C:\Documents and Settings\Steve\My Documents\Downloads"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys

[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll

[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll

[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll

[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe

[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x0700000004000000010000000200000003000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

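FSS prints `=> MD5 is legit` only for files whose hash is in its known-good table. The entries that get a full metadata line instead (dhcpcsvc.dll, tcpip.sys, ipnathlp.dll, wuauserv.dll, es.dll, rpcss.dll and services.exe in the two logs above) are unmatched, not necessarily malicious, and those are the hashes to verify by hand. Below is an added example, not part of the thread or of Farbar's tool, that parses the File Check section, lists the unmatched entries with their MD5s, builds VirusTotal hash-lookup URLs for them and points out unverified files whose create and modify dates differ. `SAMPLE_FSS` is a constructed excerpt in the log's layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the Farbar Service Scanner "File Check" layout used in the logs above.
SAMPLE_FSS = r"""File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629
C:\WINDOWS\system32\wuauserv.dll
[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038
C:\WINDOWS\system32\svchost.exe => MD5 is legit
Extra List:
=======
"""

LEGIT_SUFFIX = " => MD5 is legit"
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileCheck:
    path: str
    verified: bool            # True when FSS matched the MD5 against its known-good list
    md5: Optional[str] = None
    size: Optional[int] = None
    company: Optional[str] = None
    created: Optional[str] = None
    modified: Optional[str] = None


def parse_file_check(text: str) -> List[FileCheck]:
    """Walk the File Check section: a path line either carries the legit marker or is
    followed by one metadata line with dates, size, attributes, company and MD5."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    results: List[FileCheck] = []
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.endswith(LEGIT_SUFFIX):
            results.append(FileCheck(path=line[: -len(LEGIT_SUFFIX)].strip(), verified=True))
        elif PATH_RE.match(line) and i + 1 < len(lines) and (m := META_RE.match(lines[i + 1])):
            results.append(FileCheck(path=line, verified=False, md5=m["md5"].upper(),
                                     size=int(m["size"]), company=m["company"],
                                     created=m["created"], modified=m["modified"]))
            i += 1  # consume the metadata line
        i += 1
    return results


def needs_review(entries: List[FileCheck]) -> List[FileCheck]:
    """Entries FSS could not vouch for; these are the MD5s to look up by hand."""
    return [e for e in entries if not e.verified]


def lookup_urls(entries: List[FileCheck]) -> List[str]:
    """VirusTotal accepts an MD5 in the file URL, so unmatched hashes can be checked
    without uploading anything from the suspect machine."""
    return [f"https://www.virustotal.com/gui/file/{e.md5}"
            for e in needs_review(entries) if e.md5]


def odd_timestamps(entries: List[FileCheck]) -> List[FileCheck]:
    """Unverified files whose create date differs from the modify date: something
    (a patch, or an overwrite) replaced the file after it was first written."""
    return [e for e in needs_review(entries) if e.created and e.created != e.modified]


if __name__ == "__main__":
    entries = parse_file_check(SAMPLE_FSS)
    for e in needs_review(entries):
        print(f"{e.path}  size={e.size}  md5={e.md5}  ({e.company})")
    for url in lookup_urls(entries):
        print(url)
    for e in odd_timestamps(entries):
        print(f"created {e.created} != modified {e.modified}: {e.path}")
```

In the logs above the only date mismatch is wuauserv.dll, which is exactly what a Windows Update agent install looks like, so the check is a prompt to look, not a verdict; a mismatch on tcpip.sys or services.exe with an unknown hash would deserve far more attention.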

FYI, sfc.exe resulted in my having to update Windows (several updates, actually). Once that was done, I rebooted and ran the FSS, posted above, then I ran a quick scan in Malwarebytes and it completed successfully. I'll now reboot again and see if it will complete another one successfully.


Well, good news: I was able to run another quick scan successfully after the reboot. Perhaps the problem was that Windows just needed to be updated, but we'll see what happens going forward. At any rate, I'd be grateful for any feedback you may have, and I'll run a few more scans periodically throughout the day -- I usually do at least one full Malwarebytes scan per day. I'll let you know if I run into any further irregularities. I deeply appreciate all of your assistance in this matter.

best, s


Please scan your system with this tool:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select everything down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.


Allow AVP to delete all infections found

Once it has finished, select the Report tab (the last tab).

Select the Detected threats report on the left and press the Save button.

Save it to your desktop and post it in your next reply.


Status: Disinfected (events: 6)

1/17/2013 8:49:10 PM Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3 High

1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVc.class High

1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVe.class High

1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVd.class High

1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVa.class High

1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVb.class High

Status: Deleted (events: 2)

1/17/2013 8:50:08 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\61d70074-68001ee9 High

1/17/2013 8:50:14 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\28\3682889c-79afcfb3 High

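The AVPTool findings are cached applets in the Java deployment cache, the usual residue of a drive-by exploit kit: cache entries named `<name>-<hash>`, no manifest, and a handful of classes with short meaningless names (KheVa/KheVa.class and so on). The following is an added example, not part of the thread or of any scanner mentioned here, showing how to triage such a cache offline. It hashes each archive, reads the bytecode version from every class header, scores the archive with a simple heuristic, and pulls the origin URL out of the paired `.idx` record. `CACHE_ROOT` is assumed from the path in the report above; `build_sample_jar`, `CLASS_BYTES` and `SAMPLE_IDX` are constructed test data, and the heuristic thresholds and the printable-string approach to the `.idx` record are this example's own choices, not any tool's.

```python
import hashlib
import io
import re
import struct
import zipfile
from pathlib import Path
from typing import Dict, List, Optional

# Hypothetical cache root for this profile, taken from the paths in the AVPTool report.
CACHE_ROOT = Path(r"C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0")

CLASS_MAGIC = 0xCAFEBABE
# Constructed minimal class file: magic, minor 0, major 50 (Java 6), then filler.
CLASS_BYTES = struct.pack(">IHH", CLASS_MAGIC, 0, 50) + b"\0" * 16
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def make_jar(entries: Dict[str, bytes], manifest: bool) -> bytes:
    """Build an in-memory jar; exploit-kit jars frequently ship without META-INF/MANIFEST.MF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        if manifest:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def build_sample_jar() -> bytes:
    """Constructed sample laid out like the archive AVPTool flagged (KheVa/KheV*.class)."""
    return make_jar({f"KheVa/KheV{c}.class": CLASS_BYTES for c in "abcde"}, manifest=False)


def class_version(data: bytes) -> Optional[int]:
    """Major version from the class header (magic, minor, major); None if not a class file."""
    if len(data) < 8:
        return None
    magic, _minor, major = struct.unpack(">IHH", data[:8])
    return major if magic == CLASS_MAGIC else None


def inspect_jar(data: bytes) -> Dict[str, object]:
    """Hash the archive, list its classes with their bytecode versions and score it with
    a heuristic: no manifest, at most 16 classes, every class name six characters or less."""
    result: Dict[str, object] = {"sha256": hashlib.sha256(data).hexdigest(),
                                 "is_jar": False, "classes": {}, "suspicious": False}
    if not data.startswith(b"PK\x03\x04"):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        classes = {n: class_version(z.read(n)) for n in names if n.endswith(".class")}
    result["is_jar"] = True
    result["classes"] = classes
    short_names = all(len(Path(n).stem) <= 6 for n in classes)
    result["suspicious"] = (bool(classes) and "META-INF/MANIFEST.MF" not in names
                            and len(classes) <= 16 and short_names)
    return result


def extract_urls(idx_bytes: bytes) -> List[str]:
    """The paired .idx record stores the download URL as a length-prefixed string;
    collecting printable http(s) runs is enough to recover where the jar came from."""
    return [m.decode("ascii", "replace") for m in URL_RE.findall(idx_bytes)]


def scan_cache(root: Path) -> List[Dict[str, object]]:
    """Walk cache\\6.0\\<bucket>\\<name>-<hash>, inspect each archive and attach its .idx URLs."""
    findings: List[Dict[str, object]] = []
    for entry in root.glob("*/*"):
        if not entry.is_file() or entry.suffix == ".idx":
            continue
        info = inspect_jar(entry.read_bytes())
        idx = entry.with_name(entry.name + ".idx")
        info["path"] = str(entry)
        info["urls"] = extract_urls(idx.read_bytes()) if idx.is_file() else []
        findings.append(info)
    return findings


# Constructed .idx-like record (not a real Java cache index): a short header, a 2-byte
# length prefix and the URL string, which is how the real records keep the origin.
SAMPLE_IDX = (b"\x00\x00\x01\x00" + struct.pack(">H", 40)
              + b"http://example.com/kit/load.php?e=java01" + b"\x00\x00")

if __name__ == "__main__":
    for f in scan_cache(CACHE_ROOT):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['sha256'][:16]}  {f['path']}  {f['urls']}")
```

The origin URL is the most useful artefact here: it tells you which site served the kit, and the cache bucket's timestamps tell you when the visit happened, which is what you need to decide whether the exploits ran against a vulnerable JRE or were merely cached and blocked.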

This topic is now closed to further replies.