
I've tried Spybot, Malwarebytes, SUPERAntiSpyware, and much more, still infected!! Check my HijackThis log?


  • This topic is locked
132 replies to this topic

#1 noseguy


Posted 23 November 2011 - 08:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:13 PM, on 11/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Claire\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McafWelcome] c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7979 bytes
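Before a responder works through a HijackThis log by hand, it helps to pull the autostart (O4), browser-button (O9) and service (O23) lines into a structured form and mark the ones worth a closer look. The following is an added example written for this thread, not a tool from the post or from the HijackThis project: it parses the three line formats exactly as they appear in the log above and attaches review hints. The sample log is constructed from a handful of lines copied from the log plus one made-up HKCU entry named "Updater" under a user profile, which is there only to exercise the user-profile rule. A hint means "verify this entry", not "this is malware"; on a real machine most flagged lines turn out to be stale uninstall leftovers or legitimate software with no vendor string.

```python
"""HijackThis (HJT) log triage helper: parses the O4, O9 and O23 line formats
and attaches review hints for a human reader.

Added example for this thread, not a tool from the original post. A hint
means "look closer", not "malicious": most flagged entries are benign.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Entry:
    section: str            # "O4", "O9" or "O23"
    name: str               # run-key value name, button name or service name
    target: str             # command line, file path, "(no file)", ...
    hints: List[str] = field(default_factory=list)


# O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /arg
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# O9 - Extra button: (no name) - {CLSID} - C:\path   (or "(no file)")
O9_RE = re.compile(r"^O9 - (?:Extra button|Extra 'Tools' menuitem): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
# O23 - Service: Display name (ShortName) - Vendor - C:\path
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>.+)$')
# Autostarts living under a user profile deserve a second look.
USER_PATH_RE = re.compile(r'\\(documents and settings|users)\\', re.IGNORECASE)


def first_token(cmd: str) -> str:
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):                     # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]                       # unquoted: up to first space (enough for the hints below)


def hints_for(section: str, vendor: Optional[str], target: str) -> List[str]:
    hints: List[str] = []
    low = target.lower()
    if "(file missing)" in low or "(no file)" in low:
        hints.append("missing-file")            # stale entry, or something removed the file
    if section == "O4":
        exe = first_token(target)
        if not exe:
            hints.append("empty-command")       # value exists but runs nothing
        elif "\\" not in exe and ":" not in exe:
            hints.append("bare-filename")       # resolved via the search path at logon
        elif USER_PATH_RE.search(exe):
            hints.append("user-profile-path")   # autostart from a user-writable location
    if section == "O23" and vendor and vendor.lower() == "unknown owner":
        hints.append("unknown-vendor")          # no company name in the file's version info
    return hints


def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        e = Entry("O4", m["name"], m["cmd"].strip())
        e.hints = hints_for("O4", None, e.target)
        return e
    m = O9_RE.match(line)
    if m:
        e = Entry("O9", m["name"], m["target"].strip())
        e.hints = hints_for("O9", None, e.target)
        return e
    m = O23_RE.match(line)
    if m:
        e = Entry("O23", m["name"], m["target"].strip())
        e.hints = hints_for("O23", m["vendor"], e.target)
        return e
    return None                                 # other sections are not handled here


def triage(log_text: str) -> List[Entry]:
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def flagged(log_text: str) -> List[Entry]:
    return [e for e in triage(log_text) if e.hints]


# Constructed sample: lines copied from the log in this thread plus one made-up
# HKCU entry ("Updater") to exercise the user-profile rule.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Application Data\example\updater.exe" /quiet
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name:<40} {', '.join(e.hints):<30} {e.target}")
```

Run against the sample, five of the seven parsed entries come back with hints: the empty ShowLOMControl value, the bare `stsystra.exe` filename, the constructed profile-path entry, the `(no file)` IE button and the GameGuard service whose binary is missing and has no vendor. The two plain entries (Synaptics, Bonjour) produce nothing, which is the point: the helper narrows the list a human has to check, it does not decide for them.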


#2 CatByte

  • Malware Response Team

Posted 24 November 2011 - 08:20 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


NEXT


Please download GetPartitions from the link below.

You must right click on the link and choose Save as...

Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").

It will produce a log on your C:\ drive C:\DiskReport.txt

Please navigate to that file and post the contents of the log in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 noseguy

  • Topic Starter

Posted 25 November 2011 - 12:42 AM

Well, slight problem. I now can't connect to the internet on my infected computer, so I don't know how to update the aswMBR scan.
I ran it anyway, and am submitting that log, in addition to dds.txt and attach.txt. As for the GetPartitions.bat, I double clicked it, and it disappeared from my desktop altogether.
Is this enough to give you an idea?



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Run by Claire at 14:22:21 on 2011-11-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.568 [GMT -8:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [iPhone PC Suite] c:\program files\netdragon\91 mobile\iphone\iPhone PC Suite.exe /start
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MSKAgent.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [McafWelcome] c:\progra~1\mcafee.com\agent\mcwelcom.exe
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\claire\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\claire\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
TCP: Interfaces\{4D74B84A-DFC1-4985-BB87-DE0A945FF1EB} : DhcpNameServer = 76.14.0.8 76.14.0.9
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\claire\application data\mozilla\firefox\profiles\7pcb1ojc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\claire\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\claire\application data\mozilla\firefox\profiles\7pcb1ojc.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\claire\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\claire\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-1-18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-1-18 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-23 36000]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-23 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-21 74640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-7-6 28672]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2004-8-10 106496]
S2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-5 24576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-11-23 10:49:04 -------- d-----w- c:\windows\system32\NtmsData
2011-11-23 10:48:31 -------- d-----w- c:\documents and settings\claire\application data\Avira
2011-11-23 10:42:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-23 10:41:55 -------- d-----w- c:\program files\Avira
2011-11-23 10:41:55 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-22 18:58:24 -------- d-----w- c:\documents and settings\claire\DoctorWeb
2011-11-22 03:51:26 -------- d-----w- C:\_OTM
2011-11-08 05:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-10-20 00:56:50 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:23:58.93 ===============



DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2006 9:05:41 PM
System Uptime: 11/24/2011 1:56:02 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GD366
Processor: Intel® Celeron® M processor 1.50GHz | Microprocessor | 1496/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 20.274 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP608: 11/3/2011 7:28:19 AM - System Checkpoint
RP609: 11/4/2011 5:57:52 AM - Installed Rapport
RP610: 11/5/2011 6:04:57 AM - System Checkpoint
RP611: 11/6/2011 10:18:41 AM - System Checkpoint
RP612: 11/8/2011 6:46:51 PM - System Checkpoint
RP613: 11/9/2011 7:04:26 PM - System Checkpoint
RP614: 11/11/2011 11:22:03 AM - System Checkpoint
RP615: 11/12/2011 11:52:20 AM - System Checkpoint
RP616: 11/12/2011 10:24:19 PM - Installed Rapport
RP617: 11/14/2011 6:41:25 PM - System Checkpoint
RP618: 11/15/2011 7:15:43 PM - System Checkpoint
RP619: 11/16/2011 7:20:45 PM - System Checkpoint
RP620: 11/17/2011 7:46:20 PM - System Checkpoint
RP621: 11/18/2011 8:27:11 PM - System Checkpoint
RP622: 11/19/2011 10:35:12 PM - System Checkpoint
RP623: 11/20/2011 11:13:45 PM - System Checkpoint
RP624: 11/21/2011 8:01:01 PM - OTM Restore Point
RP625: 11/21/2011 8:36:00 PM - Removed SUPERAntiSpyware Free Edition
RP626: 11/22/2011 9:10:43 PM - System Checkpoint
RP627: 11/23/2011 2:06:35 AM - Avira AntiVir Personal - 11/23/2011 2:06
.
==== Installed Programs ======================
.
(Main Game) Lightside - Legend Ragnarok Online
Acoustica Mixcraft 4.2
Ad-Aware SE Personal
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
AOLIcon
Apple Software Update
Avira Free Antivirus
BitTorrent
Bonjour
Broadcom Management Programs
Brother HL-2070N
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
DAEMON Tools
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
DNA
Dofus 1.25.0
Dropbox
EducateU
ELIcon
ERUNT 1.1j
Facebook Plug-In
getPlus®_ocx
Gunbound Revolution
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HTC Driver Installer
HTC Sync
IBM ViaVoice Command and Control Runtime 5.3
ijji
ijji Auto Installer
Intel® Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
iTunes
Java™ 6 Update 17
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
LibUSB-Win32-0.1.12.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MTG GamePack for Magic Workstation
NetWaiting
Novacomd
OpenAL
OverDrive Media Console
Palm webOS® Doctor™ Build Sprint.230.225, webOS 1.4.1.1
Pando Media Booster
Photodex Presenter
PowerDVD 5.5
ProShow Gold
QuickSet
QuickTime
Rapport
Real Alternative 1.60
SAMSUNG PC Share Manager
Search Assist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
URL Assistant
Visual C++ 8.0 Runtime Setup Package
VLC media player 1.1.11
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.0.4
Wolfenstein - Enemy Territory
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
11/24/2011 1:57:39 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
11/23/2011 8:22:08 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/23/2011 8:22:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
11/23/2011 12:50:26 PM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
11/23/2011 12:47:25 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
11/23/2011 12:47:22 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
11/23/2011 12:47:21 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
11/23/2011 12:47:20 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
11/22/2011 10:51:15 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2011 10:51:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
11/21/2011 8:36:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/21/2011 7:51:29 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Palm Novacom service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NetworkLog service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 5:07:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/21/2011 5:07:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/21/2011 5:07:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/21/2011 5:05:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 4:14:07 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/21/2011 4:14:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/21/2011 4:14:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect.
11/21/2011 4:14:06 PM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 4:14:04 PM, error: Service Control Manager [7023] - The MicroSoft Messenger Helper service terminated with the following error: The specified module could not be found.
11/21/2011 4:13:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/21/2011 3:40:51 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 3:40:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/21/2011 3:40:46 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/20/2011 9:57:25 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s).
11/20/2011 9:56:47 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 21:23:46
-----------------------------
21:23:46.937 OS Version: Windows 5.1.2600 Service Pack 3
21:23:46.937 Number of processors: 1 586 0xD08
21:23:46.937 ComputerName: MOM UserName:
21:23:48.062 Initialize success
21:23:53.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:23:53.609 Disk 0 Vendor: FUJITSU_MHV2060AH 000000A0 Size: 57231MB BusType: 3
21:23:53.609 Device \Driver\atapi -> DriverStartIo f73f1864
21:23:53.609 Device \Driver\atapi -> MajorFunction 86df9008
21:23:55.718 Disk 0 MBR read successfully
21:23:55.718 Disk 0 MBR scan
21:23:55.718 Disk 0 unknown MBR code
21:23:55.828 Disk 0 scanning sectors +117194175
21:23:56.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:24:09.296 Service scanning
21:24:11.062 Modules scanning
21:24:18.734 Disk 0 trace - called modules:
21:24:18.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86df9008]<<
21:24:18.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f52998]
21:24:19.265 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f57d98]
21:24:19.265 \Driver\atapi[0x86f58778] -> IRP_MJ_CREATE -> 0x86df9008
21:24:19.265 Scan finished successfully
21:25:20.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Claire\Desktop\MBR.dat"
21:25:20.500 The log file has been saved successfully to "C:\Documents and Settings\Claire\Desktop\aswMBR.txt"

Edited by noseguy, 25 November 2011 - 12:49 AM.


#4 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 25 November 2011 - 12:45 AM

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2006 9:05:41 PM
System Uptime: 11/24/2011 1:56:02 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GD366
Processor: Intel® Celeron® M processor 1.50GHz | Microprocessor | 1496/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 20.274 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP608: 11/3/2011 7:28:19 AM - System Checkpoint
RP609: 11/4/2011 5:57:52 AM - Installed Rapport
RP610: 11/5/2011 6:04:57 AM - System Checkpoint
RP611: 11/6/2011 10:18:41 AM - System Checkpoint
RP612: 11/8/2011 6:46:51 PM - System Checkpoint
RP613: 11/9/2011 7:04:26 PM - System Checkpoint
RP614: 11/11/2011 11:22:03 AM - System Checkpoint
RP615: 11/12/2011 11:52:20 AM - System Checkpoint
RP616: 11/12/2011 10:24:19 PM - Installed Rapport
RP617: 11/14/2011 6:41:25 PM - System Checkpoint
RP618: 11/15/2011 7:15:43 PM - System Checkpoint
RP619: 11/16/2011 7:20:45 PM - System Checkpoint
RP620: 11/17/2011 7:46:20 PM - System Checkpoint
RP621: 11/18/2011 8:27:11 PM - System Checkpoint
RP622: 11/19/2011 10:35:12 PM - System Checkpoint
RP623: 11/20/2011 11:13:45 PM - System Checkpoint
RP624: 11/21/2011 8:01:01 PM - OTM Restore Point
RP625: 11/21/2011 8:36:00 PM - Removed SUPERAntiSpyware Free Edition
RP626: 11/22/2011 9:10:43 PM - System Checkpoint
RP627: 11/23/2011 2:06:35 AM - Avira AntiVir Personal - 11/23/2011 2:06
.
==== Installed Programs ======================
.
(Main Game) Lightside - Legend Ragnarok Online
Acoustica Mixcraft 4.2
Ad-Aware SE Personal
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
AOLIcon
Apple Software Update
Avira Free Antivirus
BitTorrent
Bonjour
Broadcom Management Programs
Brother HL-2070N
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
DAEMON Tools
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
DNA
Dofus 1.25.0
Dropbox
EducateU
ELIcon
ERUNT 1.1j
Facebook Plug-In
getPlus®_ocx
Gunbound Revolution
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HTC Driver Installer
HTC Sync
IBM ViaVoice Command and Control Runtime 5.3
ijji
ijji Auto Installer
Intel® Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
iTunes
Java™ 6 Update 17
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
LibUSB-Win32-0.1.12.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MTG GamePack for Magic Workstation
NetWaiting
Novacomd
OpenAL
OverDrive Media Console
Palm webOS® Doctor™ Build Sprint.230.225, webOS 1.4.1.1
Pando Media Booster
Photodex Presenter
PowerDVD 5.5
ProShow Gold
QuickSet
QuickTime
Rapport
Real Alternative 1.60
SAMSUNG PC Share Manager
Search Assist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
URL Assistant
Visual C++ 8.0 Runtime Setup Package
VLC media player 1.1.11
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.0.4
Wolfenstein - Enemy Territory
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
11/24/2011 1:57:39 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
11/23/2011 8:22:08 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/23/2011 8:22:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
11/23/2011 12:50:26 PM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
11/23/2011 12:47:25 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
11/23/2011 12:47:22 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
11/23/2011 12:47:21 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
11/23/2011 12:47:20 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
11/22/2011 10:51:15 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2011 10:51:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
11/21/2011 8:36:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/21/2011 7:51:29 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Palm Novacom service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NetworkLog service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 5:07:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/21/2011 5:07:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/21/2011 5:07:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/21/2011 5:05:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 4:14:07 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/21/2011 4:14:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/21/2011 4:14:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect.
11/21/2011 4:14:06 PM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 4:14:04 PM, error: Service Control Manager [7023] - The MicroSoft Messenger Helper service terminated with the following error: The specified module could not be found.
11/21/2011 4:13:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/21/2011 3:40:51 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 3:40:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/21/2011 3:40:46 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/20/2011 9:57:25 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s).
11/20/2011 9:56:47 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 21:23:46
-----------------------------
21:23:46.937 OS Version: Windows 5.1.2600 Service Pack 3
21:23:46.937 Number of processors: 1 586 0xD08
21:23:46.937 ComputerName: MOM UserName:
21:23:48.062 Initialize success
21:23:53.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:23:53.609 Disk 0 Vendor: FUJITSU_MHV2060AH 000000A0 Size: 57231MB BusType: 3
21:23:53.609 Device \Driver\atapi -> DriverStartIo f73f1864
21:23:53.609 Device \Driver\atapi -> MajorFunction 86df9008
21:23:55.718 Disk 0 MBR read successfully
21:23:55.718 Disk 0 MBR scan
21:23:55.718 Disk 0 unknown MBR code
21:23:55.828 Disk 0 scanning sectors +117194175
21:23:56.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:24:09.296 Service scanning
21:24:11.062 Modules scanning
21:24:18.734 Disk 0 trace - called modules:
21:24:18.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86df9008]<<
21:24:18.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f52998]
21:24:19.265 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f57d98]
21:24:19.265 \Driver\atapi[0x86f58778] -> IRP_MJ_CREATE -> 0x86df9008
21:24:19.265 Scan finished successfully
21:25:20.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Claire\Desktop\MBR.dat"
21:25:20.500 The log file has been saved successfully to "C:\Documents and Settings\Claire\Desktop\aswMBR.txt"

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 25 November 2011 - 02:51 PM

hi,

the getpartitions.bat was supposed to disappear after being run; the log will be located at C:\DiskReport.txt

Please download the following to a USB stick > take to the infected computer and run it > it will run from the USB, make sure your security programs are disabled:

if combofix is unable to connect to download and install the Recovery Console > carry on without it.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 25 November 2011 - 03:28 PM

I no longer have an internet connection on my infected computer, so I couldn't download the recovery console (I dl'd the combofix from another computer and transferred it to the infected desktop). Neither wired nor wireless is connecting, I tried to renew my IP, and I get a "media disconnected" error. I have had no luck in fixing this, and wondered if it was related to malware.

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 25 November 2011 - 03:32 PM

Yes, it will be related to malware.

the type of infection you have infects the files that are required for a connection. If you are able to run ComboFix, it may be able to restore the connection

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 25 November 2011 - 11:10 PM

Below is the ComboFix I ran without being able to have the recovery console installed. I also got a message that said my Avira AntiVir was running, and to disable it (even though I had previously turned it off). So I uninstalled it completely. When I clicked OK afterwards, it found outdated versions that were apparently not disabled. It didn't allow me to find these and disable them, though, and it continued to scan. I'm still unable to connect to the internet.





ComboFix 11-11-25.02 - Claire 11/25/2011 14:08:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.722 [GMT -8:00]
Running from: c:\documents and settings\Claire\Desktop\username123.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00FC-0D24-347CA8A3377C}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Claire\WINDOWS
c:\temp\brr
c:\windows\$NtUninstallKB8274$
c:\windows\$NtUninstallKB8274$\1755492017
c:\windows\$NtUninstallKB8274$\4259634614\@
c:\windows\$NtUninstallKB8274$\4259634614\bckfg.tmp
c:\windows\$NtUninstallKB8274$\4259634614\cfg.ini
c:\windows\$NtUninstallKB8274$\4259634614\Desktop.ini
c:\windows\$NtUninstallKB8274$\4259634614\keywords
c:\windows\$NtUninstallKB8274$\4259634614\kwrd.dll
c:\windows\$NtUninstallKB8274$\4259634614\L\odetmngk
c:\windows\$NtUninstallKB8274$\4259634614\lsflt7.ver
c:\windows\$NtUninstallKB8274$\4259634614\U\00000001.@
c:\windows\$NtUninstallKB8274$\4259634614\U\00000002.@
c:\windows\$NtUninstallKB8274$\4259634614\U\00000004.@
c:\windows\$NtUninstallKB8274$\4259634614\U\80000000.@
c:\windows\$NtUninstallKB8274$\4259634614\U\80000004.@
c:\windows\$NtUninstallKB8274$\4259634614\U\80000032.@
c:\windows\daemon.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_FOPN
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-23 10:49 . 2011-11-23 10:49 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 19:29 . 2011-11-22 19:29 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-22 18:58 . 2011-11-23 00:39 -------- d-----w- c:\documents and settings\Claire\DoctorWeb
2011-11-22 03:51 . 2011-11-22 03:51 -------- d-----w- C:\_OTM
2011-11-22 03:47 . 2011-11-22 03:47 -------- d-----w- c:\program files\ERUNT
2011-11-21 06:39 . 2011-11-21 06:39 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-06 15:53 . 2011-11-06 15:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 00:00 . 2008-08-16 18:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 01:55 . 2011-10-03 04:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iPhone PC Suite"="c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [N/A]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-19 2969496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [N/A]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-13 1117184]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\progra~1\mcafee.com\agent\mcwelcom.exe" [N/A]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Claire\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Claire\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-2 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"56379:TCP"= 56379:TCP:Pando Media Booster
"56379:UDP"= 56379:UDP:Pando Media Booster
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/18/2011 1:25 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/18/2011 1:25 AM 5248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [11/7/2011 9:30 PM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2011 9:28 PM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2011 9:28 PM 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2011 9:28 PM 931640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7/6/2009 2:53 PM 28672]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 4:28 PM 21520]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [8/10/2004 4:20 PM 106496]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [1/12/2010 10:07 AM 33792]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 4:23 PM 6638080]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 1:55 PM 34944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/5/2010 6:41 PM 24576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2011 9:28 PM 56208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
FF - ProfilePath - c:\documents and settings\Claire\Application Data\Mozilla\Firefox\Profiles\7pcb1ojc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\documents and settings\Claire\Local Settings\Temporary Internet Files\Content.IE5\SZYFIT29\HijackThis.exe
AddRemove-llro - c:\program files\Lightside - Legend Ragnarok\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 14:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(456)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1652)
c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
.
**************************************************************************
.
Completion time: 2011-11-25 14:35:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 22:35
.
Pre-Run: 21,896,523,776 bytes free
Post-Run: 22,187,438,080 bytes free
.
- - End Of File - - BBE645E047DC1B64C14EC13EBD34631A

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 26 November 2011 - 10:20 AM

Let's search for the file that is either corrupted or missing that is preventing the connection

please download the following to a USB and transfer to the infected computer


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT

let's see if we can get rid of all the leftover Avira files so you can perform a clean install when we are done

please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

SecCenter::
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00FC-0D24-347CA8A3377C}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
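The post above asks for a Farbar Service Scanner log (FSS.txt) in order to find the damaged or missing component that is blocking the network connection. The script below is an added example for readers of this thread; it is not part of FSS, ComboFix or the original post. It parses the "Service Check" and "File Check" sections of an FSS-style log and reports services that are not running, services whose registry configuration values could not be read (the pattern that points at a deleted or damaged service key), and system files whose MD5 check did not come back as "MD5 is legit". The sample log text inside the script is constructed for the example following the layout shown in this thread (one file line is deliberately made to fail); the section names, regular expressions and the exact "MD5 is legit" wording are assumptions based on that layout.

```python
"""Triage a Farbar Service Scanner (FSS.txt) style log for networking damage.

Added example, not FSS's own code. The SAMPLE_LOG below is constructed for
this example; it follows the layout seen in the thread but is not a real scan.
"""
import re
from dataclasses import dataclass, field

# Constructed sample log (assumption: mirrors the FSS layout shown in the thread).
# The dnsrslvr.dll line is deliberately altered so the file-check path is exercised;
# the detection only relies on the verdict not being exactly "MD5 is legit".
SAMPLE_LOG = r"""Farbar Service Scanner
Ran by Claire (administrator) on 26-11-2011 at 11:34:28
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Unable to retrieve start type of afd. The value might not exist.
Unable to retrieve ImagePath of afd. The value might not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is not legit (constructed sample)

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
"""

# Section headers as printed in the log (assumption based on the thread).
HEADERS = {"Service Check:": "service", "File Check:": "file",
           "Connection Status:": "connection"}

SERVICE_RE = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
OK_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is OK\.$")
MISSING_RE = re.compile(r"^Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\.")
FILE_RE = re.compile(r"^(\S.*?) => (.+)$")


@dataclass
class ServiceStatus:
    name: str
    running: bool = True
    ok_values: list = field(default_factory=list)       # config values reported OK
    missing_values: list = field(default_factory=list)  # config values that could not be read


@dataclass
class FssReport:
    services: dict      # service name -> ServiceStatus
    file_checks: dict   # file path -> verdict string
    connection: list    # raw lines from the Connection Status section


def parse_fss(text: str) -> FssReport:
    """Walk the log line by line, tracking which section we are in."""
    services, files, connection = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADERS:
            section = HEADERS[line]
            continue
        if not line or set(line) <= {"=", "*"}:   # blank or separator rows
            continue
        if section == "service":
            for regex, attr in ((SERVICE_RE, "running"), (OK_RE, "ok_values"),
                                (MISSING_RE, "missing_values")):
                m = regex.match(line)
                if not m:
                    continue
                name = m.group(1) if attr == "running" else m.group(2)
                svc = services.setdefault(name, ServiceStatus(name))
                if attr == "running":
                    svc.running = False
                else:
                    getattr(svc, attr).append(m.group(1))
                break
        elif section == "file":
            m = FILE_RE.match(line)
            if m:
                files[m.group(1)] = m.group(2)
        elif section == "connection":
            connection.append(line)
    return FssReport(services, files, connection)


def findings(report: FssReport) -> list:
    """Turn the parsed report into a short list of things a responder should look at."""
    out = []
    for svc in report.services.values():
        if svc.missing_values:
            out.append(f"service {svc.name}: configuration values missing "
                       f"({', '.join(svc.missing_values)}); service key damaged or deleted")
        elif not svc.running:
            out.append(f"service {svc.name}: not running but configuration intact")
    for path, verdict in report.file_checks.items():
        if verdict != "MD5 is legit":
            out.append(f"file {path}: {verdict}")
    return out


if __name__ == "__main__":
    for item in findings(parse_fss(SAMPLE_LOG)):
        print(item)
```

Run against a real FSS.txt (read the file and pass its text to parse_fss), the afd entry in this thread would come out as "configuration values missing", which is the cue that the service key itself, not just the driver file, has to be restored before the network stack can come back.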


#10 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 26 November 2011 - 03:18 PM

Here are the FSS.txt and the combofix.txt

Farbar Service Scanner
Ran by Claire (administrator) on 26-11-2011 at 11:34:28
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Unable to retrieve start type of afd. The value might not exist.
Unable to retrieve ImagePath of afd. The value might not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google IP is unreachable
Attempt to yahoo returend error: Yahoo IP is unreachable

**** End of log ****


----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------



ComboFix 11-11-25.02 - Claire 11/26/2011 11:46:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.604 [GMT -8:00]
Running from: c:\documents and settings\Claire\Desktop\username123.exe
Command switches used :: c:\documents and settings\Claire\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-23 10:49 . 2011-11-23 10:49 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 19:29 . 2011-11-22 19:29 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-22 18:58 . 2011-11-23 00:39 -------- d-----w- c:\documents and settings\Claire\DoctorWeb
2011-11-22 03:51 . 2011-11-22 03:51 -------- d-----w- C:\_OTM
2011-11-22 03:47 . 2011-11-22 03:47 -------- d-----w- c:\program files\ERUNT
2011-11-21 06:39 . 2011-11-21 06:39 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-06 15:53 . 2011-11-06 15:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 00:00 . 2008-08-16 18:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 01:55 . 2011-10-03 04:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-25_22.28.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-26 19:43 . 2011-11-26 19:43 16384 c:\windows\Temp\Perflib_Perfdata_e58.dat
+ 2011-11-25 22:41 . 2011-11-25 22:41 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 02:44 . 2007-10-11 02:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
.
2005-06-10 15:44 . 2005-06-10 15:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
.
2005-06-10 15:44 . 2005-06-10 15:44 249856 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
.
2006-04-02 23:59 . 2005-02-23 21:19 53248 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe
.
2006-04-02 23:58 . 2005-12-15 15:44 839680 c:\program files\Dell\QuickSet\bak\Quickset.exe
.
2003-11-19 22:48 . 2003-11-19 22:48 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
.
2006-04-03 00:03 . 2006-04-03 00:03 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-27 00:18 . 2009-05-27 00:18 413696 c:\program files\QuickTime\QTTask.exe
.
2006-04-02 23:55 . 2005-11-29 09:56 761947 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iPhone PC Suite"="c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [N/A]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-19 2969496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [N/A]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-13 1117184]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\progra~1\mcafee.com\agent\mcwelcom.exe" [N/A]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Claire\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Claire\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-2 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"56379:TCP"= 56379:TCP:Pando Media Booster
"56379:UDP"= 56379:UDP:Pando Media Booster
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/18/2011 1:25 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/18/2011 1:25 AM 5248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [11/7/2011 9:30 PM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2011 9:28 PM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2011 9:28 PM 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2011 9:28 PM 931640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7/6/2009 2:53 PM 28672]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 4:28 PM 21520]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [8/10/2004 4:20 PM 106496]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [1/12/2010 10:07 AM 33792]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 4:23 PM 6638080]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 1:55 PM 34944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/5/2010 6:41 PM 24576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2011 9:28 PM 56208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RPCLOCATOR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
FF - ProfilePath - c:\documents and settings\Claire\Application Data\Mozilla\Firefox\Profiles\7pcb1ojc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3900)
c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-11-26 11:58:51
ComboFix-quarantined-files.txt 2011-11-26 19:58
ComboFix2.txt 2011-11-25 22:35
.
Pre-Run: 22,214,279,168 bytes free
Post-Run: 22,192,492,544 bytes free
.
- - End Of File - - 1397C9905FD05B86992FEF9BC4E133D7

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 26 November 2011 - 03:28 PM

afd Service is not running.

I think we've found the missing file.

Please do the following:


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *afd*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • Local time:05:55 AM

Posted 26 November 2011 - 04:04 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:48 on 26/11/2011 by Claire
Administrator - Elevation successful

========== filefind ==========

Searching for "*afd*"
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\B6A7F3A52FFD4934A26DAFDF41C6AC1B_icon24.png --a---- 1571 bytes [05:53 24/07/2010] [06:55 24/07/2010] C9B121D42E64E38AC142FB2BD6CF9DE7
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\B6A7F3A52FFD4934A26DAFDF41C6AC1B_icon48.png --a---- 4385 bytes [05:53 24/07/2010] [06:55 24/07/2010] A0A4035A8F73450D670BD8A4FC317570
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\B6A7F3A52FFD4934A26DAFDF41C6AC1B_named_strings.mlsxml --a---- 773 bytes [05:53 24/07/2010] [06:55 24/07/2010] 7D2C7671CAFAFBE01B62EAF5A5B8C523
C:\Documents and Settings\All Users\Application Data\Teleca\Capability Manager\Applications\CA100_AL_Device_Connect_Basic.xml -ra---- 520 bytes [22:16 31/03/2009] [22:16 31/03/2009] A114A3C9C251D252A7A849E3416F47E3
C:\Documents and Settings\All Users\Application Data\Teleca\Capability Manager\Applications\CA100_AL_TrayMenu_No_Device.xml -ra---- 661 bytes [18:29 01/07/2009] [18:29 01/07/2009] 050447DE096858139CB817D736AED239
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\2b70b844834321b9f4e9760531ce76db7819afd3.mddata --a---- 60 bytes [10:23 02/07/2009] [23:29 06/07/2009] 88B5F467034B23799631D93FB5967302
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\2b70b844834321b9f4e9760531ce76db7819afd3.mdinfo --a---- 184 bytes [23:29 06/07/2009] [23:29 06/07/2009] A4E2E43859C79A639EC33A9A8F4626AC
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\64852404d8347fafdc95c5d68f7629995baef161.mddata --a---- 13774 bytes [10:23 02/07/2009] [23:29 06/07/2009] BDDE9F0748498686D18710D5F77E1B4E
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\64852404d8347fafdc95c5d68f7629995baef161.mdinfo --a---- 202 bytes [23:29 06/07/2009] [23:29 06/07/2009] A2310416B886C29959FAAF80E0C92477
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mddata --a---- 1077 bytes [10:23 02/07/2009] [23:29 06/07/2009] 88073A807CCC77CF9920B91BE8CBCA39
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mdinfo --a---- 173 bytes [23:29 06/07/2009] [23:29 06/07/2009] F98DB7BFC89D3C0B4B11D53B8B8FD0DE
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\2b70b844834321b9f4e9760531ce76db7819afd3.mddata --a---- 60 bytes [03:43 07/07/2009] [23:29 06/07/2009] 88B5F467034B23799631D93FB5967302
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\2b70b844834321b9f4e9760531ce76db7819afd3.mdinfo --a---- 184 bytes [03:43 07/07/2009] [23:29 06/07/2009] A4E2E43859C79A639EC33A9A8F4626AC
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\64852404d8347fafdc95c5d68f7629995baef161.mddata --a---- 13774 bytes [03:43 07/07/2009] [23:29 06/07/2009] BDDE9F0748498686D18710D5F77E1B4E
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\64852404d8347fafdc95c5d68f7629995baef161.mdinfo --a---- 202 bytes [03:43 07/07/2009] [23:29 06/07/2009] A2310416B886C29959FAAF80E0C92477
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mddata --a---- 1077 bytes [03:43 07/07/2009] [23:29 06/07/2009] 88073A807CCC77CF9920B91BE8CBCA39
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-204315\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mdinfo --a---- 173 bytes [03:43 07/07/2009] [23:29 06/07/2009] F98DB7BFC89D3C0B4B11D53B8B8FD0DE
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\2b70b844834321b9f4e9760531ce76db7819afd3.mddata --a---- 60 bytes [06:08 07/07/2009] [23:29 06/07/2009] 88B5F467034B23799631D93FB5967302
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\2b70b844834321b9f4e9760531ce76db7819afd3.mdinfo --a---- 184 bytes [06:08 07/07/2009] [23:29 06/07/2009] A4E2E43859C79A639EC33A9A8F4626AC
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\64852404d8347fafdc95c5d68f7629995baef161.mddata --a---- 13774 bytes [06:08 07/07/2009] [23:29 06/07/2009] BDDE9F0748498686D18710D5F77E1B4E
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\64852404d8347fafdc95c5d68f7629995baef161.mdinfo --a---- 202 bytes [06:08 07/07/2009] [23:29 06/07/2009] A2310416B886C29959FAAF80E0C92477
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mddata --a---- 1077 bytes [06:08 07/07/2009] [23:29 06/07/2009] 88073A807CCC77CF9920B91BE8CBCA39
C:\Documents and Settings\Claire\Application Data\Apple Computer\MobileSync\Backup\c24799327f6d7e99bf81640e619ccdec26d75381-20090706-230805\7354d391d6afddc09cc9fd7c1196aec38ba29e7c.mdinfo --a---- 173 bytes [06:08 07/07/2009] [23:29 06/07/2009] F98DB7BFC89D3C0B4B11D53B8B8FD0DE
C:\Documents and Settings\Claire\Application Data\Dropbox\shellext\l\4e9afd27 --a---- 124 bytes [15:49 16/10/2011] [15:50 16/10/2011] DD6D400D35A791B87D46CB0132FA1A98
C:\Documents and Settings\Claire\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 --a-s-- 264037 bytes [17:12 03/09/2006] [17:58 19/03/2011] F28B9378C0CA56ECFB7CEADC538027E2
C:\Documents and Settings\Claire\Application Data\Microsoft\CryptnetUrlCache\Content\E8974A4669383843486E5AFDB09650F5 --a-s-- 2214 bytes [20:07 21/11/2009] [20:07 21/11/2009] 8798929211223FF92DFF6B1B3DDFA31C
C:\Documents and Settings\Claire\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 --a-s-- 120 bytes [17:12 03/09/2006] [17:58 19/03/2011] 0916BDDCDAEA36D9970BBEFF55B6B1EE
C:\Documents and Settings\Claire\Application Data\Microsoft\CryptnetUrlCache\MetaData\E8974A4669383843486E5AFDB09650F5 --a-s-- 124 bytes [20:07 21/11/2009] [20:07 21/11/2009] 42050E340F7445493654F4157EA0F725
C:\Documents and Settings\Claire\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3087601672-3631794483-4102241060-1006\e52f73ea1e6d8fb5afd750e25de6c8fa_a256fb97-162a-4558-be23-08ae4bbcb195 --a-s-- 46 bytes [20:54 19/09/2010] [20:54 19/09/2010] C1551A342602CDDF23DA8DE13875CA73
C:\i386\afd.sys --a---- 138496 bytes [05:59 08/04/2006] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\i386\C92641594A6F2DA8A55FE4738AFDA539.mof --a---- 28952 bytes [06:05 08/04/2006] [18:01 10/08/2004] CB47E5ADDC8871A7FBFFB7F86B5421EA
C:\i386\FAAD7D567E76CAB10704AFD7C0488F23.mof --a---- 61314 bytes [06:06 08/04/2006] [18:01 10/08/2004] 3B2088CB65A33B4C09952F5CC081C91B
C:\i386\msafd.dll --a---- 3584 bytes [06:02 08/04/2006] [10:00 04/08/2004] 5124913B6956D309978A67054C4360F3
C:\Program Files\Corel\Corel Photo Album 6\Content\Projects\Templates\Calendar\Calendar Basic H-1g (Layer4).jp2 --a---- 545 bytes [18:55 14/07/2005] [18:55 14/07/2005] 925D3C0985CD9B9D17B5C0EA497AB7E0
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [14:17 29/08/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a---- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [04:19 19/10/2008] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [13:16 02/09/2008] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9
C:\WINDOWS\$NtServicePackUninstall$\msafd.dll -----c- 3584 bytes [13:16 02/09/2008] [10:00 04/08/2004] 5124913B6956D309978A67054C4360F3
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [06:48 02/09/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [06:16 02/09/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [13:29 02/09/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys -----c- 138496 bytes [10:00 09/07/2008] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [10:02 19/10/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_32997.xml --a---- 2016 bytes [05:49 31/10/2011] [05:49 31/10/2011] C2F205B1B43A4060132B1A19D6A26D3E
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [21:38 18/08/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\ServicePackFiles\i386\msafd.dll ------- 3584 bytes [21:38 18/08/2008] [00:10 14/04/2008] A26B5E4178D163D644DC731D206A6137
C:\WINDOWS\SoftwareDistribution\EventCache\{AFD1C10B-AF4C-452B-87F1-AC2F1B10A84F}.bin ------- 8 bytes [14:24 25/05/2006] [14:24 25/05/2006] 4D77CBA7579DBBE93F514F58B03DA564
C:\WINDOWS\system32\msafd.dll ------- 3584 bytes [17:51 10/08/2004] [00:10 14/04/2008] A26B5E4178D163D644DC731D206A6137
C:\WINDOWS\system32\dllcache\afd.sys --a---- 138496 bytes [17:50 10/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [17:50 10/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof ------- 28952 bytes [18:01 10/08/2004] [18:01 10/08/2004] CB47E5ADDC8871A7FBFFB7F86B5421EA
C:\WINDOWS\system32\wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof ------- 61314 bytes [18:01 10/08/2004] [18:01 10/08/2004] 3B2088CB65A33B4C09952F5CC081C91B
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.manifest --a---- 2354 bytes [16:10 29/07/2008] [16:10 29/07/2008] 5AB0DFAF0A5A7D292B0AA07332BD3B13

-= EOF =-
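A small triage script for the SystemLook filefind output above, added here as an example (it is not from the thread, from SystemLook's author, or from BleepingComputer). It parses the per-file lines (path, attribute flags, size, timestamps, MD5), drops pattern hits that are not actually afd.sys (msafd.dll, the Dropbox cache file), groups the remaining copies by hash so you can see how many distinct versions sit in the hotfix backup folders, and checks the one thing the next post relies on: whether the live driver in system32\drivers still matches the protected copy in system32\dllcache. The embedded sample is a constructed subset of the log posted above with the header and footer lines left in so the parser has to skip them.

```python
"""Triage helper for SystemLook ':filefind' output.

Parses the per-file lines SystemLook prints (path, attribute flags, size,
created/modified timestamps, MD5) and answers the question the posts above
are working through: does the live driver under system32\\drivers still
match the protected copy Windows keeps in system32\\dllcache, and how many
distinct versions of the file exist on disk at all?
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the SystemLook log posted above, with the
# header and footer lines the parser must skip left in place.
SAMPLE_LOG = r"""Log created at 12:48 on 26/11/2011 by Claire

========== filefind ==========

Searching for "*afd*"
C:\Documents and Settings\Claire\Application Data\Dropbox\shellext\l\4e9afd27 --a---- 124 bytes [15:49 16/10/2011] [15:50 16/10/2011] DD6D400D35A791B87D46CB0132FA1A98
C:\i386\afd.sys --a---- 138496 bytes [05:59 08/04/2006] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\i386\msafd.dll --a---- 3584 bytes [06:02 08/04/2006] [10:00 04/08/2004] 5124913B6956D309978A67054C4360F3
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [14:17 29/08/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [13:16 02/09/2008] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [21:38 18/08/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a---- 138496 bytes [17:50 10/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [17:50 10/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89

-= EOF =-
"""

# <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str

    @property
    def name(self) -> str:
        """Bare file name, lower-cased for case-insensitive comparison."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_filefind(text: str) -> List[FileEntry]:
    """One FileEntry per result line; header/footer lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"]),
                                     m["created"], m["modified"], m["md5"].upper()))
    return entries


def copies_of(entries: List[FileEntry], filename: str) -> List[FileEntry]:
    """Entries whose file name is exactly `filename` (other '*afd*' hits are dropped)."""
    return [e for e in entries if e.name == filename.lower()]


def hash_groups(entries: List[FileEntry], filename: str) -> Dict[str, List[str]]:
    """Map each distinct MD5 of `filename` to the paths that carry it."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in copies_of(entries, filename):
        groups[e.md5].append(e.path)
    return dict(groups)


def find_in_dir(entries: List[FileEntry], filename: str, directory: str) -> Optional[FileEntry]:
    """Entry whose path ends with directory\\filename, compared case-insensitively."""
    suffix = (directory.rstrip("\\") + "\\" + filename).lower()
    return next((e for e in entries if e.path.lower().endswith(suffix)), None)


def live_matches_cache(entries: List[FileEntry], filename: str = "afd.sys"
                       ) -> Tuple[Optional[str], Optional[str], bool]:
    """(live MD5, dllcache MD5, equal?) for the driver; None where a copy is absent."""
    live = find_in_dir(entries, filename, r"system32\drivers")
    cache = find_in_dir(entries, filename, r"system32\dllcache")
    live_md5 = live.md5 if live else None
    cache_md5 = cache.md5 if cache else None
    same = (live is not None and cache is not None
            and live_md5 == cache_md5 and live.size == cache.size)
    return live_md5, cache_md5, same


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for md5, paths in hash_groups(found, "afd.sys").items():
        print(md5, "->", len(paths), "copy/copies")
    print("drivers copy matches dllcache copy:", live_matches_cache(found)[2])
```

Differing hashes between the $hf_mig$ and $NtUninstall* copies are expected (each is a different hotfix or GDR/QFE branch); the check that matters for the FCopy step in the next post is that the drivers and dllcache copies agree in both size and MD5.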

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 26 November 2011 - 05:17 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys
 
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Start Device Manager: click Start > Run > type devmgmt.msc into the open Run box > hit OK

  • Click View, and then click Show hidden devices.
  • In the right pane of Device Manager, click Non-Plug and Play Drivers.
  • Double-click AFD Networking Support Environment.
  • Under Device usage, select the Use this device (enable) check box, and then click OK.



NEXT

Please run the following:

I want to make sure the registry key is correct:

Go to Start > Run > copy and paste the following command into the run box > OK:

regedit /e "%userprofile%\desktop\output.txt" "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD"

A new file called output.txt should appear on your Desktop, please post the contents with your next response.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
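An added example for the last instruction in the post above (checking that the AFD service key is correct). It is not from the thread or from BleepingComputer: it parses the file that `regedit /e` writes (a "Windows Registry Editor Version 5.00" export, where REG_EXPAND_SZ values such as ImagePath come out as `hex(2):` UTF-16LE byte lists wrapped across lines with a trailing backslash) and compares the AFD values against a baseline. The baseline values for a healthy XP SP3 AFD key and the sample export itself are the author's assumptions, not taken from the thread; compare against a known-clean machine before relying on them. The export regedit writes is UTF-16 with a BOM, so read it with that encoding before handing the text to the parser.

```python
"""Check an AFD service key exported with `regedit /e` against a baseline.

The export is a Registry Editor 5.00 text file: "[key]" headers followed by
"name"=value lines. dword values are hex, REG_EXPAND_SZ values are hex(2):
comma-separated UTF-16LE bytes continued across lines with a trailing '\\'.
"""
import re
from typing import Dict, List, Union

Value = Union[str, int, bytes]

AFD_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD"

# Baseline for a healthy XP SP3 AFD key (assumption by the author of this
# example; verify against a known-clean machine).
EXPECTED: Dict[str, Value] = {
    "Type": 1,           # SERVICE_KERNEL_DRIVER
    "Start": 1,          # SERVICE_SYSTEM_START
    "ErrorControl": 1,   # SERVICE_ERROR_NORMAL
    "ImagePath": r"\SystemRoot\System32\drivers\afd.sys",
}

# Constructed sample export of the AFD key, already decoded from UTF-16.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,\
  76,00,65,00,72,00,73,00,5c,00,61,00,66,00,64,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="AFD Networking Support Environment"
"Group"="TDI"

"""


def _join_continuations(text: str) -> List[str]:
    """Glue lines ending in a backslash onto the following line."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out


def _decode_value(raw: str) -> Value:
    """Turn the right-hand side of a "name"=value line into str, int or bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((?P<t>[0-9a-fA-F]+)\))?:(?P<b>.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m["b"].split(",") if b)
        if m["t"] == "2":  # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
            return data.decode("utf-16-le").rstrip("\x00")
        return data        # REG_BINARY and anything else: raw bytes
    raise ValueError(f"unrecognised value syntax: {raw}")


def parse_reg_export(text: str) -> Dict[str, Dict[str, Value]]:
    """Map each exported key path to its {value name: decoded value}."""
    keys: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in _join_continuations(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        name, _, raw = line.partition("=")
        if current is None:
            continue
        keys[current]["(Default)" if name == "@" else name.strip('"')] = _decode_value(raw)
    return keys


def check_afd_key(keys: Dict[str, Dict[str, Value]]) -> List[str]:
    """Return a list of deviations from EXPECTED; empty means the key looks healthy."""
    values = next((v for k, v in keys.items() if k.lower() == AFD_KEY.lower()), None)
    if values is None:
        return [f"key missing: {AFD_KEY}"]
    findings = []
    for name, want in EXPECTED.items():
        got = values.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif str(got).lower() != str(want).lower():
            findings.append(f"{name}: expected {want!r}, found {got!r}")
    return findings


if __name__ == "__main__":
    print(check_afd_key(parse_reg_export(SAMPLE_EXPORT)) or "AFD key matches baseline")
```

A Start value of 4 (disabled) or an ImagePath pointing anywhere other than the drivers directory is exactly the kind of deviation that leaves the "AFD Networking Support Environment" device disabled in Device Manager, which is what the earlier step in the post re-enables by hand.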


#14 noseguy

noseguy
  • Topic Starter

  • Members
  • 65 posts
  • Local time:05:55 AM

Posted 26 November 2011 - 06:23 PM

I don't see much in the right pane. It says Device Manager on local computer, which has a drop-down menu, which says "More Actions", then Devices by type, by connection, Resources by type, etc.
Meanwhile, here's my latest ComboFix log:



ComboFix 11-11-25.02 - Claire 11/26/2011 14:55:00.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.572 [GMT -8:00]
Running from: c:\documents and settings\Claire\Desktop\username123.exe
Command switches used :: c:\documents and settings\Claire\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-23 10:49 . 2011-11-23 10:49 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 19:29 . 2011-11-22 19:29 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-22 18:58 . 2011-11-23 00:39 -------- d-----w- c:\documents and settings\Claire\DoctorWeb
2011-11-22 03:51 . 2011-11-22 03:51 -------- d-----w- C:\_OTM
2011-11-22 03:47 . 2011-11-22 03:47 -------- d-----w- c:\program files\ERUNT
2011-11-21 06:39 . 2011-11-21 06:39 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-06 15:53 . 2011-11-06 15:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 00:00 . 2008-08-16 18:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 01:55 . 2011-10-03 04:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-25_22.28.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-25 22:41 . 2011-11-25 22:41 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 02:44 . 2007-10-11 02:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
.
2005-06-10 15:44 . 2005-06-10 15:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
.
2005-06-10 15:44 . 2005-06-10 15:44 249856 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
.
2006-04-02 23:59 . 2005-02-23 21:19 53248 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe
.
2006-04-02 23:58 . 2005-12-15 15:44 839680 c:\program files\Dell\QuickSet\bak\Quickset.exe
.
2003-11-19 22:48 . 2003-11-19 22:48 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
.
2006-04-03 00:03 . 2006-04-03 00:03 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-27 00:18 . 2009-05-27 00:18 413696 c:\program files\QuickTime\QTTask.exe
.
2006-04-02 23:55 . 2005-11-29 09:56 761947 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Claire\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iPhone PC Suite"="c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [N/A]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-19 2969496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [N/A]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-13 1117184]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\progra~1\mcafee.com\agent\mcwelcom.exe" [N/A]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Claire\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Claire\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-2 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"56379:TCP"= 56379:TCP:Pando Media Booster
"56379:UDP"= 56379:UDP:Pando Media Booster
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/18/2011 1:25 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/18/2011 1:25 AM 5248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [11/7/2011 9:30 PM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2011 9:28 PM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2011 9:28 PM 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2011 9:28 PM 931640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7/6/2009 2:53 PM 28672]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 4:28 PM 21520]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [8/10/2004 4:20 PM 106496]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [1/12/2010 10:07 AM 33792]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 4:23 PM 6638080]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 1:55 PM 34944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/5/2010 6:41 PM 24576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2011 9:28 PM 56208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RPCLOCATOR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
FF - ProfilePath - c:\documents and settings\Claire\Application Data\Mozilla\Firefox\Profiles\7pcb1ojc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-11-26 15:05:42
ComboFix-quarantined-files.txt 2011-11-26 23:05
ComboFix2.txt 2011-11-26 19:58
ComboFix3.txt 2011-11-25 22:35
.
Pre-Run: 22,208,208,896 bytes free
Post-Run: 22,186,065,920 bytes free
.
- - End Of File - - E55C50F3E7975C074E6EB43F0AA67065

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 AM

Posted 26 November 2011 - 06:53 PM

Hi,

Can you please run the registry export (the last instruction)?

Thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


