
Backdoorwin32.Bifrose.fsi help!


15 replies to this topic

#1 ape27


  • Members
  • 15 posts

Posted 15 September 2012 - 02:44 PM

Hi there, you guys are fantastic; you helped me remove a Trojan a few weeks ago. Yesterday I could tell something infiltrated my computer again and ran Adware, Malware and Spybot. Adware quarantined Backdoorwin32.Bifrose.fsi. I rebooted the computer like it told me to, but it is still running constantly and is still slow. Do you have any advice on how to ensure this Trojan was removed?

Thank you!


#2 xAPMx


  • Members
  • 5 posts
  • Gender:Male
  • Location:Ohio

Posted 15 September 2012 - 02:49 PM

What are your system specs?

Operating System?
Make/Model of PC or CPU/RAM specs?

I assume by "Malware" you mean Malwarebytes? Have you tried running Malwarebytes Anti-Malware?

"it is still running constantly" - Do you mean you can hear the hard drive running?

#3 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 September 2012 - 03:10 PM

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (the log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 ape27

  • Topic Starter

  • Members
  • 15 posts

Posted 16 September 2012 - 04:03 PM

Hi,

I have a Dell Dimension C521 with 1024 RAM and use Windows XP.

Here is a list of the scans I ran. ESET said there were no results. There was nothing to click on to list the threats. I don't know if I did it right or not. Please let me know. Thank you so much for your help.

TDSSKiller report
16:59:13.0906 3068 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:59:14.0171 3068 ============================================================
16:59:14.0171 3068 Current date / time: 2012/09/15 16:59:14.0171
16:59:14.0171 3068 SystemInfo:
16:59:14.0171 3068
16:59:14.0171 3068 OS Version: 5.1.2600 ServicePack: 3.0
16:59:14.0171 3068 Product type: Workstation
16:59:14.0171 3068 ComputerName: OFFICE
16:59:14.0171 3068 UserName: Aprel Goddard
16:59:14.0171 3068 Windows directory: C:\WINDOWS
16:59:14.0171 3068 System windows directory: C:\WINDOWS
16:59:14.0171 3068 Processor architecture: Intel x86
16:59:14.0171 3068 Number of processors: 2
16:59:14.0171 3068 Page size: 0x1000
16:59:14.0171 3068 Boot type: Normal boot
16:59:14.0171 3068 ============================================================
16:59:15.0312 3068 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:59:15.0375 3068 ============================================================
16:59:15.0375 3068 \Device\Harddisk0\DR0:
16:59:15.0375 3068 MBR partitions:
16:59:15.0375 3068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
16:59:15.0375 3068 ============================================================
16:59:15.0406 3068 C: <-> \Device\Harddisk0\DR0\Partition1
16:59:15.0421 3068 ============================================================
16:59:15.0421 3068 Initialize success
16:59:15.0421 3068 ============================================================
16:59:17.0109 0696 ============================================================
16:59:17.0109 0696 Scan started
16:59:17.0109 0696 Mode: Manual;
16:59:17.0109 0696 ============================================================
16:59:17.0515 0696 ================ Scan system memory ========================
16:59:17.0515 0696 System memory - ok
16:59:17.0515 0696 ================ Scan services =============================
16:59:17.0687 0696 Abiosdsk - ok
16:59:17.0703 0696 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:59:17.0812 0696 abp480n5 - ok
16:59:17.0859 0696 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:59:17.0859 0696 ACPI - ok
16:59:17.0890 0696 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:59:17.0890 0696 ACPIEC - ok
16:59:17.0953 0696 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:17.0953 0696 AdobeFlashPlayerUpdateSvc - ok
16:59:17.0984 0696 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:59:18.0125 0696 adpu160m - ok
16:59:18.0203 0696 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:59:18.0296 0696 aec - ok
16:59:18.0359 0696 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:59:18.0359 0696 AFD - ok

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-15 17:04:33
-----------------------------
17:04:33.937 OS Version: Windows 5.1.2600 Service Pack 3
17:04:33.937 Number of processors: 2 586 0x4B02
17:04:33.937 ComputerName: OFFICE UserName:
17:04:34.421 Initialize success
17:04:48.062 The log file has been saved successfully to "C:\Documents and Settings\Aprel Goddard\My Documents\Downloads\aswMBR.txt"
17:09:26.437 AVAST engine defs: 12091400
18:07:21.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:07:21.406 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
18:07:21.421 Disk 0 MBR read successfully
18:07:21.421 Disk 0 MBR scan
18:07:21.750 Disk 0 unknown MBR code
18:07:21.781 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:07:21.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
18:07:21.828 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
18:07:21.843 Disk 0 scanning sectors +312496380
18:07:21.968 Disk 0 scanning C:\WINDOWS\system32\drivers
18:07:47.171 Service scanning
18:08:22.265 Modules scanning
18:08:42.312 Disk 0 trace - called modules:
18:08:42.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:08:42.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ed4ab8]
18:08:42.343 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000067[0x86051be0]
18:08:42.343 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85fc2940]
18:08:44.046 AVAST engine scan C:\WINDOWS
18:09:12.687 AVAST engine scan C:\WINDOWS\system32
18:12:59.937 AVAST engine scan C:\WINDOWS\system32\drivers
18:13:17.234 AVAST engine scan C:\Documents and Settings\Aprel Goddard
18:25:42.343 AVAST engine scan C:\Documents and Settings\All Users
18:30:23.156 Scan finished successfully
08:40:36.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aprel Goddard\My Documents\Downloads\MBR.dat"
08:40:37.062 The log file has been saved successfully to "C:\Documents and Settings\Aprel Goddard\My Documents\Downloads\aswMBR2.txt"

#5 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 16 September 2012 - 04:07 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it, click on Delete

Post the generated log
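
Reading the MiniToolBox report those checkboxes produce comes down to scanning a few sections for the same things every time. As an added example (not part of this thread and not Farbar's code), the Python below splits a log with that section layout and pulls out the facts an advisor looks for: whether a proxy is set, hosts entries that redirect rather than block, the DNS servers in use, and non-Microsoft Winsock providers. The sample log is constructed to mirror the format seen in this thread, with the proxy line and one hosts entry altered so that each check fires; the exact "Proxy is enabled" wording is an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the section layout MiniToolBox produced in this thread (not the
# poster's real log); the proxy line and one hosts entry are deliberately altered so
# that every check below has something to report.
SAMPLE_LOG = r"""MiniToolBox by Farbar Version: 23-07-2012
========================= IE Proxy Settings: ==============================
Proxy is enabled.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 www.007guard.com
0.0.0.0 ads.example.invalid
203.0.113.9 www.update.microsoft.com

There are 15215 more lines starting with "127.0.0.1"
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Sunday, September 16, 2012 8:40:01 AM
===========================================================================
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""

# "===== Section name: =====" headers; the name must start with a letter so the all-'='
# separator lines inside the IP configuration block are not taken for headers.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
MORE_RE = re.compile(r'^There are (\d+) more lines starting with "127\.0\.0\.1"')
LSP_RE = re.compile(r"^Catalog\d+ \d+ (.+?) \[\d+\] \((.+)\)$")
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section name to its non-empty, stripped lines."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def hosts_summary(lines: List[str]) -> Tuple[int, List[Tuple[str, List[str]]]]:
    """Count blocking entries (name -> loopback/blackhole, which Spybot immunization adds
    by the thousand) and list redirects to any other address, which are the ones to examine."""
    blocking, redirects = 0, []
    for line in lines:
        m = MORE_RE.match(line)
        if m:  # MiniToolBox's own summary of the 127.0.0.1 lines it left out
            blocking += int(m.group(1))
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        if parts[0] in BLACKHOLE:
            blocking += 1
        else:
            redirects.append((parts[0], parts[1:]))
    return blocking, redirects


def dns_servers(lines: List[str]) -> List[str]:
    """First server sits on the 'DNS Servers' line; extra ones follow as bare addresses."""
    servers, collecting = [], False
    for line in lines:
        if line.startswith("DNS Servers"):
            servers.append(line.rsplit(":", 1)[1].strip())
            collecting = True
        elif collecting and re.fullmatch(r"[0-9.]+", line):
            servers.append(line)
        else:
            collecting = False
    return servers


def third_party_lsps(lines: List[str]) -> List[Tuple[str, str]]:
    """Winsock providers not attributed to Microsoft; not malicious by themselves
    (Bonjour is Apple's), but they are what gets read first in this section."""
    return [(m.group(1), m.group(2)) for m in map(LSP_RE.match, lines)
            if m and m.group(2) != "Microsoft Corporation"]


def triage(text: str) -> dict:
    """Pull the handful of facts an advisor checks out of a whole MiniToolBox log."""
    s = split_sections(text)
    blocking, redirects = hosts_summary(s.get("Hosts content", []))
    proxy = any(ln.startswith("Proxy is enabled") for ln in s.get("IE Proxy Settings", []))
    return {
        "proxy_enabled": proxy,
        "hosts_blocking": blocking,
        "hosts_redirects": redirects,
        "dns_servers": dns_servers(s.get("IP Configuration", [])),
        "third_party_lsps": third_party_lsps(s.get("Winsock entries", [])),
    }
```

A hosts file with thousands of 127.0.0.1 entries is the normal footprint of Spybot's immunization rather than an infection; the entries that matter are the redirects the script lists.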

#6 ape27

  • Topic Starter

  • Members
  • 15 posts

Posted 16 September 2012 - 04:20 PM

Oh sorry, I did mean to say that when I said I ran Malware it was Anti-Malware. It didn't find anything. Should I still run it?

#7 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 16 September 2012 - 04:22 PM

Yes, update it and run a full scan.

#8 ape27

  • Topic Starter

  • Members
  • 15 posts

Posted 17 September 2012 - 09:20 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Aprel Goddard (administrator) on 16-09-2012 at 17:22:07
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15215 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Office
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nh.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.nh.comcast.net.
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-13-72-3B-78-81
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Sunday, September 16, 2012 8:40:01 AM
Lease Expires . . . . . . . . . . : Monday, September 17, 2012 8:40:01 AM
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.43.37, 173.194.43.41, 173.194.43.32, 173.194.43.40
173.194.43.34, 173.194.43.35, 173.194.43.39, 173.194.43.36, 173.194.43.46
173.194.43.38, 173.194.43.33


Pinging google.com [74.125.226.238] with 32 bytes of data:

Reply from 74.125.226.238: bytes=32 time=40ms TTL=54
Reply from 74.125.226.238: bytes=32 time=39ms TTL=54

Ping statistics for 74.125.226.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 40ms, Average = 39ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=58ms TTL=51
Reply from 98.138.253.109: bytes=32 time=83ms TTL=51

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 83ms, Average = 70ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 3b 78 81 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/14/2012 02:03:53 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (09/14/2012 01:48:25 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1116954496.

Error: (09/14/2012 01:48:16 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1116954496.

Error: (09/14/2012 01:48:03 PM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/14/2012 01:48:03 PM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/12/2012 09:48:03 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/12/2012 09:47:48 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/10/2012 06:04:32 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (09/08/2012 10:26:59 AM) (Source: Application Hang) (User: )
Description: Fault bucket -1227688620.

Error: (09/08/2012 10:26:28 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/16/2012 08:40:37 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (09/15/2012 03:33:40 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 0013723B7881.

Error: (09/14/2012 01:53:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (09/13/2012 02:13:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (09/13/2012 02:03:08 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 0013723B7881.

Error: (09/12/2012 09:47:11 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 0013723B7881.

Error: (09/10/2012 03:02:53 PM) (Source: DCOM) (User: OFFICE)
Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout.

Error: (09/09/2012 07:52:42 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (09/08/2012 09:07:49 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (09/08/2012 09:04:15 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 0013723B7881.


Microsoft Office Sessions:
=========================
Error: (07/31/2012 01:14:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 352670 seconds with 3780 seconds of active time. This session ended with a crash.

Error: (04/26/2012 00:52:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 115774 seconds with 19320 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:55:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:55:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:55:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:54:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:54:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:54:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:54:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:53:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

6200 (Version: 47.0.1.000)
6200_Help (Version: 47.0.1.000)
6200Trb (Version: 47.0.1.000)
Ad-Aware
Ad-Aware (Version: 8.3.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.2)
Broadcom Management Programs (Version: 9.03.01)
BufferChm (Version: 45.4.157.000)
Coupon Printer for Windows (Version: 5.0.0.1)
Dell CinePlayer (Version: 3.0)
Dell Resource CD (Version: 1.00.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
Desktop Doctor (Version: 2.5.5)
Destinations (Version: 45.4.157.000)
Digital Content Portal (Version: 1.00.0000)
Director (Version: 45.4.157.000)
EarthLink Setup Files (Version: 2005.2.178.0.2.2)
ESET Online Scanner v3
Fax (Version: 47.0.1.000)
Google Drive (Version: 1.3.3209.2688)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Image Zone 4.7 (Version: 4.7)
HP Image Zone Express (Version: 1.1.000.035)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
iTunes (Version: 10.4.0.80)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Juniper Networks Setup Client (Version: 2.2.5.9755)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee Security Scan Plus (Version: 3.0.207.4)
McAfee SecurityCenter (Version: 10.5.240)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
PMB (Version: 5.2.00.03250)
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.72.80.56)
Readme (Version: 47.0.1.000)
RealPlayer Basic
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Sonic Activation Module (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 958.42 MB
Available physical RAM: 450.8 MB
Total Pagefile: 2314.32 MB
Available Pagefile: 1567.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:145.96 GB) (Free:115.82 GB) NTFS

========================= Users: ========================================

User accounts for \\OFFICE

Administrator Aprel Goddard Christie Davis
Guest HelpAssistant McAfeeMVSUser
SUPPORT_388945a0


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Aprel Goddard (administrator) on 17-09-2012 at 10:07:57
Running from "C:\Documents and Settings\Aprel Goddard\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) MPFP(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
# AdwCleaner v2.002 - Logfile created 09/17/2012 at 10:09:42
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Aprel Goddard - OFFICE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Aprel Goddard\My Documents\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Christie Davis\Application Data\Mozilla\Firefox\Profiles\ps7goqy6.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Aprel Goddard\Application Data\Mozilla\Firefox\Profiles\gjmw8rtf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2318 octets] - [14/08/2012 21:19:28]
AdwCleaner[S3].txt - [1436 octets] - [17/09/2012 10:09:42]

########## EOF - C:\AdwCleaner[S3].txt - [1496 octets] ##########

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:51 AM

Posted 17 September 2012 - 09:23 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#10 ape27

ape27
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:51 AM

Posted 17 September 2012 - 09:59 AM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ddoctorv2" "" "SupportSoft, Inc." "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe"
+ "DMXLauncher" "" "" "c:\program files\dell\media experience\dmxlauncher.exe"
+ "HP Software Update" "hpwuSchd" "Hewlett-Packard Company" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.49 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "PMBVolumeWatcher" "Media Check Tool" "Sony Corporation" "c:\program files\sony\pmb\pmbvolumewatcher.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RealTray" "RealPlayer" "RealNetworks, Inc." "c:\program files\real\realplayer\realplay.exe"
+ "SigmatelSysTrayApp" "Sigmatel Audio system tray application" "SigmaTel, Inc." "c:\windows\stsystra.exe"
+ "SunJavaUpdateSched" "Java™ 2 Platform Standard Edition binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.5.0_06\bin\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "America Online 9.0 Tray Icon.lnk" "AOL Tray Icon" "America Online, Inc." "c:\program files\america online 9.0\aoltray.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\3.0.207\ssscheduler.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DellSupport" "Dell Support" "Gteko Ltd." "c:\program files\dell support\dsagnt.exe"
+ "Download" "" "" "c:\documents and settings\aprel goddard\local settings\application data\supportsoft\ddoctorv2\aprel goddard\ssget.exe"
+ "GoogleDriveSync" "Google Drive" "Google" "c:\program files\google\drive\googledrivesync.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "myrm" "myRumor Subsystem MyRmProt Module" "McAfee, Inc." "c:\program files\mcafee\managed virusscan\agent\myrmprot5.0.0.531.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "Yahoo! Mail" "YMMAPI Module" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.49 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "GDriveBlacklistedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSharedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSyncedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSyncingOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20110917141323.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "SSVHelper Class" "Java™ 2 Platform Standard Edition binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.5.0_06\bin\ssv.dll"
+ "Yahoo! IE Services Button" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Sun Java Console" "Java™ 2 Platform Standard Edition binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.5.0_06\bin\ssv.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "Yahoo! Services" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "Ad-Aware Admin Application " "Lavasoft Limited " "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AOL ACS" "AOL Connectivity Service" "America Online, Inc." "c:\program files\common files\aol\acs\aolacsd.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\3.0.207\mcchsvc.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "Scans specified locations on this computer for viruses and other threats. The service runs for scheduled scans and manual scans." "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "myAgtSvc" "Controls scanning and updating activities at the desktop for Virus and Spyware Protection Services." "McAfee, Inc." "c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PMBDeviceInfoProvider" "Enables PMB to communicate with the device." "Sony Corporation" "c:\program files\sony\pmb\pmbdeviceinfoprovider.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "sprtsvc_ddoctorv2" "SupportSoft Sprocket Service" "SupportSoft, Inc." "c:\program files\comcast\desktop doctor\bin\sprtsvc.exe"
+ "Symantec Core LC" "Symantec Core LC" "" "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AmdK8" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdk8.sys"
+ "ASCTRM" "TR Manager" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\asctrm.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\APRELG~1\LOCALS~1\Temp\catchme.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DSproct" "Process Trigger Driver" "GTek Technologies Ltd." "c:\program files\dell support\gtaction\triggers\dsproct.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "Lavasoft Kernexplorer" "" "" "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\WINDOWS\System32\Drivers\mfeavfk01.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfendisk" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mfendiskmp" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfetdi2k" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdi2k.sys"
+ "MPFP" "McAfee Personal Firewall Plus Driver" "McAfee, Inc." "c:\windows\system32\drivers\mpfp.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.48 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "SDDMI2" "DDMI Service" "Gteko Ltd." "c:\windows\system32\ddmi2.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "symlcbrd" "Symantec Core Component" "Symantec Corporation" "c:\windows\system32\drivers\symlcbrd.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "wanatw" "Wan Miniport (ATW)" "America Online, Inc." "c:\windows\system32\drivers\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Photo Story 2 Trial Source Filter" "Plus! Photo Story 2 LE" "Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\pssf2try.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® MCE Audio Decoder" "CinemasterAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemasteraudio.dll"
+ "Sonic Cinemaster® VCD Navigator" "Sonic Cinemaster ® DS VCD Navigator" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervcdnav.dll"
+ "Sonic CM® DS VideoDecoder 4.0" "CinemasterVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic DVD-VR Navigator" "Sonic Cinemaster ® DVD-VR Navigator" "Sonic Solutions" "c:\program files\common files\sonic shared\sonicdvddashvrnav.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WAV Dest Trial" "Plus! Photo Story 2 LE" "Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\wavd2try.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpzlnt12" "" "HP" "c:\windows\system32\hpzlnt12.dll"

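As an added example (not code from the thread, from Autoruns or from BleepingComputer): a small Python triage script for the Autoruns text export (File > Save, Save as: Text) in the format pasted above. It attaches each entry to its location header and flags what a helper reads first: orphaned "File not found" entries, entries with no publisher, and images that run from a user-writable profile or temp folder. The sample is a constructed excerpt in that format, and the flagging rules are this example's own heuristics, not Autoruns features.

```python
"""Triage helper for an Autoruns text export (File > Save, Save as: Text).

Added example for this thread, not code from Autoruns or BleepingComputer.
In that export a location line is four quoted fields whose first field is the
registry key or startup folder, and every entry beneath it looks like
    + "name" "description" "publisher" "image path"
The flagging rules below are this example's own heuristics, not Autoruns features.
"""
import re
from dataclasses import dataclass

# Four double-quoted fields; the export never puts a '"' inside a field, so a
# plain [^"]* capture is enough and Windows backslashes need no escaping.
QUOTED_FIELD = re.compile(r'"([^"]*)"')

# Image paths under these folders are writable by the logged-on user, which is
# where an autostart that did not need admin rights usually ends up.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
FILE_NOT_FOUND = "file not found:"


@dataclass
class AutorunEntry:
    location: str      # the registry key or folder header the entry sits under
    name: str
    description: str
    publisher: str
    image_path: str


def parse_autoruns_text(text):
    """Turn the export into AutorunEntry records, attaching each to its header."""
    entries = []
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_entry = line.startswith("+ ")
        fields = QUOTED_FIELD.findall(line[2:] if is_entry else line)
        if len(fields) != 4:
            continue  # forum chatter or a wrapped line; not part of the export
        if is_entry:
            if location is None:
                raise ValueError("entry line before any location header: " + line)
            entries.append(AutorunEntry(location, *fields))
        else:
            location = fields[0]
    return entries


def triage(entries):
    """Return (entry, reasons) pairs for the entries a helper looks at first."""
    findings = []
    for entry in entries:
        reasons = []
        path = entry.image_path.lower()
        if path.startswith(FILE_NOT_FOUND):
            # Orphaned autostart: the file is gone, so this is leftover
            # clutter to clean up rather than something currently running.
            reasons.append("orphaned entry, image file is missing")
        else:
            if not entry.publisher.strip():
                reasons.append("no publisher recorded")
            if any(marker in path for marker in USER_WRITABLE_MARKERS):
                reasons.append("image runs from a user-writable profile or temp folder")
        if reasons:
            findings.append((entry, reasons))
    return findings


def format_report(findings):
    """Render findings as text lines grouped by location, ready to paste into a reply."""
    lines = []
    current = None
    for entry, reasons in findings:
        if entry.location != current:
            current = entry.location
            lines.append(current)
        lines.append(f"  {entry.name}: {entry.image_path}")
        for reason in reasons:
            lines.append(f"      - {reason}")
    return lines


# Constructed excerpt in the export format (a few lines borrowed from the log above).
SAMPLE_EXPORT = "\n".join([
    r'"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""',
    r'+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"',
    r'+ "DMXLauncher" "" "" "c:\program files\dell\media experience\dmxlauncher.exe"',
    r'"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""',
    r'+ "Download" "" "" "c:\documents and settings\aprel goddard\local settings\application data\supportsoft\ddoctorv2\aprel goddard\ssget.exe"',
    r'"HKLM\System\CurrentControlSet\Services" "" "" ""',
    r'+ "catchme" "" "" "File not found: C:\DOCUME~1\APRELG~1\LOCALS~1\Temp\catchme.sys"',
    r'+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"',
])

if __name__ == "__main__":
    print("\n".join(format_report(triage(parse_autoruns_text(SAMPLE_EXPORT)))))
```

A flag here only means "look at this entry"; a missing publisher is common for legitimate OEM utilities like the DMXLauncher line, so each hit still needs the usual check of the file itself.
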
#11 ape27

ape27
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:51 AM

Posted 17 September 2012 - 10:02 AM

Sorry, here is the RKill log

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/17/2012 10:52:52 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (PID: 3744) [FI]
* C:\WINDOWS\stsystra.exe (PID: 3764) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/17/2012 10:54:08 AM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:51 AM

Posted 17 September 2012 - 10:14 AM

Uninstall Ad-Aware. It would conflict with McAfee antivirus and degrade system performance.

Any current issues?

#13 ape27

ape27
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:51 AM

Posted 17 September 2012 - 10:43 AM

Can I uninstall McAfee? I don't use it. It is not updated and hasn't been used in over 2 years probably.

Ad-Aware is the program that found that trojan for me.

I don't have any issues at the moment.

You guys are really amazing! Thank you so much and let me know about McAfee.

THANK YOU!

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:51 AM

Posted 17 September 2012 - 10:45 AM

You can use the McAfee removal tool

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#15 ape27

ape27
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:51 AM

Posted 17 September 2012 - 10:48 AM

Thank you! You are fabulous!

I learned tons from reading about security on your site so I thought I was better. I will have to be even more careful. That thing scared me!

THANKS!
