
Rootkit Virus Has infected registry


  • This topic is locked
18 replies to this topic

#1 Rogue_wolf


Posted 05 June 2012 - 07:49 PM

Hello there. I bought this computer second hand on the street. It's a Toshiba Satellite 2300, but it came infected with a Trojan worm. I cleared most of them out using an antivirus program called clam-win, and manually removed the viruses by using cmd.exe and locating the viruses in their directory paths, but there is apparently a virus loaded on my PC that I cannot remove using either clam-win or Avira, another antivirus I installed. Here is my log from using DDS and the other program, GMER. If you require any additional information from my PC, such as my "hijack this" log, which I also have, feel free to respond to my post. Thank you.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Owner at 18:15:30 on 2012-06-05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.83 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.bearshare.com/
uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mDefault_Page_URL = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} - c:\windows\system32\ljJBrOHa.dll
BHO: : {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - c:\program files\starware322\bin\Starware322.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: QXK Olive: {72492997-ccc3-4c07-bcb8-d2d7bfb65f7f} - c:\windows\ksendlbtdpl.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {984C42AE-0B1D-4495-B16B-935DA5671133} - No File
BHO: {9b40b60e-d743-44b0-959c-35dd5fe37c45} - c:\windows\system32\byXQIBts.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Starware Reference Toolbar: {1962c5bc-e475-465b-823b-133e711bceb9} - c:\program files\starware322\bin\Starware322.dll
TB: vrmdtneg: {778dc3f7-1699-4a2f-8d32-143c0d00854c} - c:\windows\vrmdtneg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Starware322: {e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} - c:\program files\starware322\bin\Starware322.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ErrorSafeFree] "c:\program files\errorsafe free\uers.exe" /min
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Sys3.exe] C:\Sys3.exe
uRun: [My Web Search Community Tools] "c:\program files\mywebsearch\bar\1.bin\m3IMPipe.exe"
uRun: [Aim6]
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [S3Hotkey] s3hotkey.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ERScw] c:\program files\common files\error safe\ERScw.exe -c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [Salestart] "c:\program files\common files\winantivirus pro 2007\mav_startupmon.exe"
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Sys2.exe] C:\Sys2.exe
mRun: [S3TRAY2] S3Tray2.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Gcc.exe
uPolicies-explorer: NoToolbarCustomize = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
uPolicies-explorer: NoSetFolders = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MJUS
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{07ADCCEB-0E60-4511-9895-87737DF82C5B} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{38057A42-44B4-45AA-BBF0-1BB4F3CA77AA} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7A1638C4-786F-4FB8-8BEB-3DF049B13800} : DhcpNameServer = 66.82.4.12 66.82.4.8
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ljJBrOHa - ljJBrOHa.dll
Notify: msole - c:\windows\java\msole.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: xvorfwbd - {928F3026-8D9C-402F-A77E-784768C90284} - c:\windows\xvorfwbd.dll
SSODL: wpvmqosg - {1C06E39B-1AF9-4669-BB6E-0B3482926A9D} - c:\windows\wpvmqosg.dll
SSODL: VolumeSys - {f204b1e1-8720-45f9-8a09-b3975a60d8ac} - c:\windows\resources\VolumeSys.dll
SEH: {45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} - c:\windows\system32\ljJBrOHa.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQIBts
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\0lzhyomp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\0lzhyomp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\0lzhyomp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-6 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-6 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-6 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-6 44768]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-14 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-2 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-6 136176]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-17 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-17 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-17 81288]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [2004-3-9 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-17 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-6-17 1017224]
.
=============== Created Last 30 ================
.
2012-06-05 14:03:16 -------- d-----w- c:\windows\system32\Adobe
2012-06-04 02:19:06 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-04 02:19:01 -------- d-----w- c:\program files\Trend Micro
2012-06-04 02:13:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-04 02:13:39 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 20:32:03 248448 ----a-w- c:\windows\system32\PROUnstl.exe
.
==================== Find3M ====================
.
2012-06-04 02:12:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 04:18:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 04:18:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:16:04.85 ===============


 


#2 jntkwx


Posted 09 June 2012 - 08:28 PM

Hi Rogue_wolf,


Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

Step 1: Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Step 2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • Combofix log
  • FSS log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx


Posted 11 June 2012 - 08:53 PM

Hi Rogue_wolf,

It has been two days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason

 



#4 Rogue_wolf


Posted 11 June 2012 - 09:57 PM

Let me download the program, run it tomorrow, and I'll get back to you. Funny thing is I have been checking my email every day but didn't receive the notification until today about your post from two days ago. No matter, I'll download it today and run it tomorrow and I'll tell you what happens next. Thank you.

#5 jntkwx


Posted 15 June 2012 - 10:09 AM

Rogue_wolf,

Have you had a chance to follow my previous instructions?
Regards,
Jason

 



#6 Rogue_wolf


Posted 17 June 2012 - 11:44 PM

Alright, just downloaded the combofix an hour ago. Amazingly, of all the programs I've tried, this has to be the only one that got to the root of the problem with my start button being gone. I am now going to download the farbar service, will get back to you with the logs. But just one question: do you want me to copy and paste BOTH logs or just the farbar one? Thank you.

#7 jntkwx


Posted 18 June 2012 - 07:25 AM

Yes, please copy and paste both logs into your reply. If it's too long for just one post, split it up into multiple posts.
Regards,
Jason

 



#8 Rogue_wolf


Posted 18 June 2012 - 10:17 AM

Hello Jason,

The program you recommended to me worked great! Like I said before, Combo fix seemed to be the best malware removal I have seen. After I ran it, once before I downloaded it and then, it continued running after the PC rebooted, it made some icons "re-appear" that were being held hostage by the virus onto the desktop. The virus also seemed to be holding hostage the "all programs" button in my start button, and it works fine now. It seems to have sped up the computer a little bit too, because it was a lot slower before, probably because it was eating up the RAM. Well, everything worked out good, the only problem I have is that as before the virus is still holding the system clock hostage, because it still says "VIRUS ALERT!" next to the clock and is still presenting time in military time instead of regular 24 hours, as I have tried to change it before. But everything else seems to be fine, the shortcuts to my old icons reappeared in my start button and my desktop, whereas before the virus seemed to have blocked access to them. Well, here are my logs from the combofix and the farbar service, in that order. Thank you.

ComboFix 12-06-16.02 - Owner 06/18/2012 0:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.266 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\Starware322\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\Ringtones\RingtonesOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\Toolbar\TBProductsOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware322\Weather\AlertArchive.xml
c:\documents and settings\Owner\Application Data\Starware322\Weather\WeatherOptions.xml
c:\documents and settings\Owner\Application Data\Starware322\Weather\WeatherOptions.xml.backup
c:\program files\Common Files\winantivirus pro 2007
c:\program files\Common Files\WinAntiVirus Pro 2007\err.log
c:\program files\ErrorSafe Free
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\25453C63.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\0002B1A9
c:\program files\MyWebSearch\bar\Cache\001C991C.bin
c:\program files\MyWebSearch\bar\Cache\001C9A2B.bin
c:\program files\MyWebSearch\bar\Cache\001C9AFD.bin
c:\program files\MyWebSearch\bar\Cache\193884B1
c:\program files\MyWebSearch\bar\Cache\19388C97
c:\program files\MyWebSearch\bar\Cache\1938B1C1.bin
c:\program files\MyWebSearch\bar\Cache\1938C121.bin
c:\program files\MyWebSearch\bar\Cache\1938C348.bin
c:\program files\MyWebSearch\bar\Cache\1938C6B9.bin
c:\program files\MyWebSearch\bar\Cache\1938C872.bin
c:\program files\MyWebSearch\bar\Cache\19E16D9E.bin
c:\program files\MyWebSearch\bar\Cache\19E16EFC.bin
c:\program files\MyWebSearch\bar\Cache\19E16FB1.bin
c:\program files\MyWebSearch\bar\Cache\19E17029.bin
c:\program files\MyWebSearch\bar\Cache\19E17173.bin
c:\program files\MyWebSearch\bar\Cache\1F97ECEA
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\PCHealthCenter
c:\program files\PCHealthCenter\0.gif
c:\program files\PCHealthCenter\1.gif
c:\program files\PCHealthCenter\2.gif
c:\program files\PCHealthCenter\3.gif
c:\program files\PCHealthCenter\sex1.ico
c:\program files\PCHealthCenter\sex2.ico
c:\program files\PCHealthCenter\Thumbs.db
c:\program files\Starware322
c:\program files\Starware322\icons\star_16.ico
C:\UWA7P
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\763444
c:\windows\system32\bszip.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\sex1.ico
c:\windows\system32\sex2.ico
c:\windows\system32\skhwpywx.ini
c:\windows\system32\stBIQXyb.ini
c:\windows\system32\stBIQXyb.ini2
c:\windows\system32\stera.job
c:\windows\system32\stera.log
c:\windows\system32\vxjnqura.ini
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FOPN
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-07 20:12 . 2012-06-07 20:12 -------- d-----w- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Apple
2012-06-06 22:26 . 2012-06-06 22:26 -------- d-sh--w- c:\documents and settings\Morgan Harvey\PrivacIE
2012-06-05 14:03 . 2012-06-05 14:03 -------- d-----w- c:\windows\system32\Adobe
2012-06-04 02:19 . 2012-06-04 02:19 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-04 02:19 . 2012-06-04 02:19 -------- d-----w- c:\program files\Trend Micro
2012-06-04 02:13 . 2012-06-04 02:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-04 02:13 . 2012-06-04 02:12 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 20:32 . 2007-12-20 14:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 02:12 . 2007-11-16 01:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 04:18 . 2012-05-02 04:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 04:18 . 2012-05-02 04:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-21 01:19 . 2012-06-04 02:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Hotkey"="s3hotkey.exe" [2007-06-28 40960]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-03-01 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"S3TRAY2"="S3Tray2.exe" [2007-06-28 69632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-7-31 36864]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/6/2012 9:04 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2012 9:04 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2012 9:04 PM 20696]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/14/2007 7:20 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 9:04 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/2/2012 12:18 AM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 9:04 PM 136176]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [3/9/2004 8:48 PM 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 10:45 PM 129976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/17/2008 10:46 AM 337800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:18]
.
2012-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 01:04]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 01:04]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-04 19:08]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-04 19:08]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1007Core.job
- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-07 19:08]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1007UA.job
- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-07 19:08]
.
2012-06-18 c:\windows\Tasks\User_Feed_Synchronization-{E220C219-E49B-4DAD-9D8E-7B9E7A439377}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lzhyomp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9B40B60E-D743-44B0-959C-35DD5FE37C45} - c:\windows\system32\byXQIBts.dll
HKCU-Run-ErrorSafeFree - c:\program files\ErrorSafe Free\uers.exe
HKCU-Run-Sys3.exe - C:\Sys3.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-ERScw - c:\program files\Common Files\Error Safe\ERScw.exe
HKLM-Run-Sys2.exe - C:\Sys2.exe
SSODL-xvorfwbd-{928F3026-8D9C-402F-A77E-784768C90284} - c:\windows\xvorfwbd.dll
SSODL-wpvmqosg-{1C06E39B-1AF9-4669-BB6E-0B3482926A9D} - c:\windows\wpvmqosg.dll
SSODL-VolumeSys-{f204b1e1-8720-45f9-8a09-b3975a60d8ac} - c:\windows\Resources\VolumeSys.dll
Notify-ljJBrOHa - ljJBrOHa.dll
Notify-msole - c:\windows\java\msole.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 00:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
c:\windows\system32\s3hotkey.exe
c:\windows\sm56hlpr.exe
c:\windows\system32\S3Tray2.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-18 00:37:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 04:37
.
Pre-Run: 9,081,851,904 bytes free
Post-Run: 9,649,569,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 63AD7D8E0F88D182F6A148019D1C2241


Farbar Service Scanner Version: 09-06-2012
Ran by Owner (administrator) on 18-06-2012 at 00:55:21
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2006-02-28 08:00] - [2006-05-19 08:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2006-02-28 08:00] - [2008-08-14 05:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2006-02-28 08:00] - [2006-02-28 08:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2006-02-28 08:00] - [2008-06-20 06:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2006-02-28 08:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2006-02-28 08:00] - [2008-02-20 01:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2006-02-28 08:00] - [2006-02-28 08:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2006-02-28 08:00] - [2005-08-22 14:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-06-28 12:46] - [2006-02-28 08:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2007-06-28 12:49] - [2006-02-28 08:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2007-06-28 12:49] - [2006-02-28 08:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2006-02-28 08:00] - [2006-02-28 08:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-06-28 12:46] - [2006-02-28 08:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2007-06-28 12:49] - [2006-02-28 08:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2007-06-28 12:49] - [2006-02-28 08:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2006-02-28 08:00] - [2008-07-07 16:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2006-02-28 08:00] - [2006-02-28 08:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2006-02-28 08:00] - [2006-02-28 08:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2006-02-28 08:00] - [2009-02-09 06:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2006-02-28 08:00] - [2009-02-06 13:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE



**** End of log ****

#9 jntkwx

  • Malware Response Team

Posted 18 June 2012 - 11:21 AM

Rogue_wolf,

Step 1: Rerun Combofix

Open notepad and copy/paste the text below into it:

http://www.bleepingcomputer.com/forums/topic456009.html

Suspect::[139]
c:\windows\system32\S3Tray2.exe

MIA::
c:\windows\system32\drivers\usbehci.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

If asked to update ComboFix, please click Yes to allow it to update.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


Step 2: Install and Run Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It will take some time to complete so please be patient!
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include:
  • Combofix log
  • Malwarebytes log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif
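The `Registry::` entry in the CFScript above writes `BootExecute` as a `hex(7)` (REG_MULTI_SZ) value, while the earlier ComboFix log prints the same value as `autocheck autochk *\0stera`. The following is an added example, not part of the original post or of ComboFix: it decodes the script's bytes and compares both forms against the Windows default. The function names are hypothetical, and the two sample values are copied from this thread.

```python
"""Decode a .reg hex(7) (REG_MULTI_SZ) value and audit BootExecute entries."""

# Windows default for Session Manager\BootExecute: a single string.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# Value from the CFScript in this thread (REGEDIT4 style, single-byte chars).
CFSCRIPT_VALUE = "61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00"

# Line from the ComboFix log in this thread; ComboFix prints the NUL
# separator between strings as the two characters backslash and zero.
LOG_LINE = r"BootExecute REG_MULTI_SZ autocheck autochk *\0stera"


def decode_hex7(text, wide=False):
    """Turn the text after 'hex(7):' into a list of strings.

    REGEDIT4 files store REG_MULTI_SZ as single-byte characters; files headed
    'Windows Registry Editor Version 5.00' use UTF-16LE (pass wide=True).
    Each string is NUL-terminated and the list ends with one more NUL.
    """
    # Exported .reg files wrap long values with a trailing backslash.
    cleaned = text.replace("\\\r\n", "").replace("\\\n", "")
    tokens = [t.strip() for t in cleaned.split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens)
    codec = "utf-16-le" if wide else "cp1252"
    decoded = raw.decode(codec, errors="replace")
    # Splitting on NUL leaves empty strings for the terminators; drop them.
    return [s for s in decoded.split("\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7 for the single-byte (REGEDIT4) form."""
    raw = b"".join(s.encode("cp1252") + b"\x00" for s in strings) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)


def parse_log_line(line):
    """Split a ComboFix 'name REG_MULTI_SZ data' line into (name, strings)."""
    name, _, data = line.partition("REG_MULTI_SZ")
    return name.strip(), [s for s in data.strip().split("\\0") if s]


def audit_boot_execute(entries):
    """Return the entries that are not part of the Windows default."""
    known = {d.lower() for d in DEFAULT_BOOT_EXECUTE}
    return [e for e in entries if e.strip().lower() not in known]


if __name__ == "__main__":
    _, logged = parse_log_line(LOG_LINE)
    print("logged value     :", logged)
    print("non-default items:", audit_boot_execute(logged))
    restored = decode_hex7(CFSCRIPT_VALUE)
    print("script restores  :", restored)
    print("non-default items:", audit_boot_execute(restored))
```

Any entry `audit_boot_execute` returns is run by the Session Manager at boot before the user logs on, which is why a non-default item here deserves a closer look.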


#10 jntkwx

  • Malware Response Team

Posted 21 June 2012 - 01:11 PM

Rogue_wolf,

It has been 3 days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason

 



#11 Rogue_wolf

  • Topic Starter

Posted 21 June 2012 - 08:37 PM

Ok Jason,

How you been. Sorry I took so long to reply; I have two laptops and only one charger, because the other charger for my laptop fried. So I did everything you said, followed all your instructions step-by-step, and when I got to copying & pasting the notepad and scanning with ComboFix, the first scan went through w/o any problems. The second scan, it seems, after the operating system reboots, the program crashed and an error message from Microsoft said that I had to submit it to Microsoft. Well, I re-attempted it and did everything back to step one, dragged the notepad from the folder into the ComboFix.exe, and it ran fine with the first scan and the second scan. It went through w/o any problems the second time. Then I saved the log, followed your other instructions on d/l and installing Malwarebytes. So here are the logs, oh, and btw, I managed to obtain my screenshot grabber and snagged me a screenshot of the problem with the clock I told you about previously, with the virus hijacking the system tray. It seems the code you wrote seemed to stop my normal programs, which are my Microsoft messenger, my tv tuner program & my wireless notebook switch. So here are the logs, along with the screenshot of the system clock, & the virus alert! Interestingly enough, when I look through the "event viewer" in my administrative tools section of the control panel, all the time stamps there seem to say the date, time & the annoying "virus alert" notification along with it too next to the time stamps. Anyways I hope that was specific enough. Here are the scan logs and the screenshot. Thank you for your time.

Error code 0000000a, parameter1 00000016, parameter2 00000002, parameter3 00000000, parameter4 804dbda3.
(error log from Windows when it restarted with the ComboFix second scan)
COMBOFIX LOG


ComboFix 12-06-21.02 - Owner 06/21/2012 18:13:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.177 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\S3Tray2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Morgan Harvey\err.log
c:\documents and settings\Owner\err.log
c:\documents and settings\Owner\Favorites\Error Cleaner.url
c:\documents and settings\Owner\Favorites\Privacy Protector.url
c:\documents and settings\Owner\Favorites\Spyware&Malware Protection.url
c:\documents and settings\Owner\ResErrors.log
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 20:42 . 2012-06-21 20:56 -------- d-----w- C:\21867540cc22dbbf8477
2012-06-07 20:12 . 2012-06-07 20:12 -------- d-----w- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Apple
2012-06-06 22:26 . 2012-06-06 22:26 -------- d-sh--w- c:\documents and settings\Morgan Harvey\PrivacIE
2012-06-05 14:03 . 2012-06-05 14:03 -------- d-----w- c:\windows\system32\Adobe
2012-06-04 02:19 . 2012-06-04 02:19 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-04 02:19 . 2012-06-04 02:19 -------- d-----w- c:\program files\Trend Micro
2012-06-04 02:13 . 2012-06-04 02:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-04 02:13 . 2012-06-04 02:12 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 20:32 . 2007-12-20 14:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 02:12 . 2007-11-16 01:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 04:18 . 2012-05-02 04:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 04:18 . 2012-05-02 04:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-21 01:19 . 2012-06-04 02:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_04.30.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 21:37 . 2012-06-21 21:37 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2012-06-21 20:59 . 2012-06-21 20:59 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2007-06-28 20:45 . 2012-06-21 20:46 56731752 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Hotkey"="s3hotkey.exe" [2007-06-28 40960]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-03-01 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"S3TRAY2"="S3Tray2.exe" [2007-06-28 69632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-7-31 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/14/2007 7:20 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 9:04 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/2/2012 12:18 AM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 9:04 PM 136176]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [3/9/2004 8:48 PM 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 10:45 PM 129976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/17/2008 10:46 AM 337800]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:18]
.
2012-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 01:04]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 01:04]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-04 19:08]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-04 19:08]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1007Core.job
- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-07 19:08]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1060284298-1007UA.job
- c:\documents and settings\Morgan Harvey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-07 19:08]
.
2012-06-21 c:\windows\Tasks\User_Feed_Synchronization-{E220C219-E49B-4DAD-9D8E-7B9E7A439377}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lzhyomp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 18:27
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-21 18:31:49
ComboFix-quarantined-files.txt 2012-06-21 22:31
ComboFix2.txt 2012-06-18 04:37
.
Pre-Run: 11,417,202,688 bytes free
Post-Run: 11,412,381,696 bytes free
.
- - End Of File - - DD689A0EEB884E38A963AB8E0130256F
Upload was successful



MALWAREBYTES LOG


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-22FB45311 [administrator]

Protection: Enabled

6/21/2012 18:49: VIRUS ALERT!
mbam-log-2012-06-21 (20-48-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258470
Time elapsed: 1 hour(s), 58 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{6F520BE0-9B54-4558-816F-224E67997DF3} (Rogue.WinAntiVirus) -> No action taken.
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749} (Rogue.WinAntiVirus) -> No action taken.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Trojan.BHO) -> No action taken.
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Trojan.BHO) -> No action taken.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKCR\vrmdtneg.bkod (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\VAV (Rogue.VistaAntiVirus2008) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ErrorSafe Additional Feature (Trojan.FakeAlert) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.

Registry Data Items Detected: 2
HKCU\Control Panel\International|sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0016644-25349) -> No action taken.

Folders Detected: 4
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntiVirus) -> No action taken.

Files Detected: 20
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJpeg.dll.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTactl.dll.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTml.dll.vir (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089487.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089489.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089490.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089492.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089488.DLL (PUP.FunWebProducts) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\CookieList.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\update.log (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntiVirus) -> No action taken.

(end)




#12 jntkwx

  • Malware Response Team

Posted 21 June 2012 - 08:47 PM

Rogue_Wolf,

"It seems the code you wrote seemed to stop my normal programs, which are my Microsoft messenger, my tv tuner program & my wireless notebook switch"

What do you mean by "stopped"? Are you able to open these programs, or do you get an error message (if you do, what exactly does it say?)


You didn't allow Malwarebytes to fix the problems.

Please Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected. <-- IMPORTANT!
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by jntkwx, 21 June 2012 - 08:47 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet



#13 Rogue_wolf

  • Topic Starter

Posted 22 June 2012 - 05:51 PM

Well, I didn't let Malwarebytes quarantine the files because I must have misunderstood you when you said you didn't want me to make any changes until you read the scan logs. So I went ahead and removed the objects identified by the scan, and voila, it fixed it perfectly. It worked marvelously. And when I said before that it stopped some programs from the system tray, it only did it once, but yes, they worked fine when I launched them, but didn't automatically appear when I restarted the computer after ComboFix rebooted the computer. But ever since that, I rebooted the computer again and everything went back to normal, so the applications auto-launched at start-up just like before. Well, the computer is running faster, all the RAM the virus was eating has been freed, and it looks to be running just like new. I'm going to post the final log from Malwarebytes in case you need it, and if you need any more information, just message me. Thank you for your time and assistance, Jason.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-22FB45311 [administrator]

Protection: Enabled

6/22/2012 4:40:29 PM
mbam-log-2012-06-22 (16-40-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260248
Time elapsed: 1 hour(s), 36 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{6F520BE0-9B54-4558-816F-224E67997DF3} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\vrmdtneg.bkod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\VAV (Rogue.VistaAntiVirus2008) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ErrorSafe Additional Feature (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\Control Panel\International|sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0016644-25349) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Files Detected: 21
C:\Documents and Settings\Owner\Local Settings\temp\Rar$EX10.0313\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJpeg.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTactl.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTml.dll.vir (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089487.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089489.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089490.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089492.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B117A42-2E86-4D5F-AD1D-3A27A84A1F99}\RP184\A0089488.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\CookieList.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\update.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

(end)

#14 jntkwx

  • Malware Response Team

Posted 23 June 2012 - 08:11 AM

Rogue_wolf,

Looking much better!


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

In your next reply, please include:
  • ESET log
  • Copy and paste the contents of C:\Qoobox\Add-Remove Programs.txt
  • How's your computer running now? Please be as detailed in your description as possible.

Regards,
Jason

 



#15 Rogue_wolf

  • Topic Starter

Posted 24 June 2012 - 10:35 PM

ESET scan log


C:\Documents and Settings\Owner\Desktop\New Folder\apps\Ultimate_hack_2008.rar multiple threats
C:\Documents and Settings\Owner\Local Settings\temp\47733FAD-BAB0-7891-BAFB-F327CA0DBDE5\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Owner\Local Settings\temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Owner\My Documents\Downloads\Optimum_installer_Setup.exe probably a variant of Win32/Adware.iBryte.B application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\skhwpywx.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\stBIQXyb.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\stBIQXyb.ini2.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\vxjnqura.ini.vir Win32/Adware.Virtumonde.NEO application




Qoobox log
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
AIM 6
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Big Fish Games Client
Bonjour
Disney Pirates of the Caribbean Online
Easy-WebPrint
Escape From Paradise
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel Application Accelerator
Intel® Network Connections Drivers
iPod for Windows 2006-03-23
iTunes
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MortScript
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MySpaceIM
Nice Start Demo
Puppy Luv (remove only)
QuickBooks Pro 2006
QuickTime
RealArcade
S3Display
S3Gamma2
S3Info2
ScanSoft OmniPage SE 4.0
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SMSC IrCC V5.1.3600.7
Spyware Doctor 5.5
swMSM
The Sims 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Virtual Villagers
Virtual Villagers - The Secret City
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Wireless-G Notebook Adapter
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Messenger



