FBI/Moneypak Malware: Have I removed it?


5 replies to this topic

#1 Brandage

Posted 14 November 2012 - 05:37 PM

I was infected with the malware from the MoneyPak scam. I followed the first part of the procedure published several times by narenxp to remove the malware (see the post by bighenny22 for example). I then rebooted in normal mode and followed the remainder of the procedure to check the system. My computer has been running fine now for two days. My question is: Have I done everything I need to? I ask because narenxp asks for log files, which I can't understand. Should I look at something particular in those files? Finally, my thanks to narenxp for working out a good fix and being kind enough to post it multiple times for those of us less skilled.


#2 narenxp

Posted 14 November 2012 - 05:52 PM

Can you post the logs?

#3 Brandage

Posted 17 November 2012 - 02:58 PM

OK, here are all the log files.



TDSS

16:02:57.0546 1760 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:02:58.0000 1760 ============================================================
16:02:58.0000 1760 Current date / time: 2012/11/12 16:02:58.0000
16:02:58.0000 1760 SystemInfo:
16:02:58.0000 1760
16:02:58.0000 1760 OS Version: 5.1.2600 ServicePack: 3.0
16:02:58.0000 1760 Product type: Workstation
16:02:58.0000 1760 ComputerName: Study
16:02:58.0000 1760 UserName: Administrator
16:02:58.0000 1760 Windows directory: C:\WINDOWS
16:02:58.0000 1760 System windows directory: C:\WINDOWS
16:02:58.0000 1760 Processor architecture: Intel x86
16:02:58.0000 1760 Number of processors: 2
16:02:58.0000 1760 Page size: 0x1000
16:02:58.0000 1760 Boot type: Safe boot with network
16:02:58.0000 1760 ============================================================
16:03:00.0546 1760 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:03:00.0593 1760 ============================================================
16:03:00.0593 1760 \Device\Harddisk0\DR0:
16:03:00.0593 1760 MBR partitions:
16:03:00.0593 1760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
16:03:00.0593 1760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1C0BAF29
16:03:00.0593 1760 ============================================================
16:03:00.0656 1760 C: <-> \Device\Harddisk0\DR0\Partition2
16:03:00.0656 1760 D: <-> \Device\Harddisk0\DR0\Partition1
16:03:00.0687 1760 ============================================================
16:03:00.0687 1760 Initialize success
16:03:00.0687 1760 ============================================================
16:03:22.0859 1756 Deinitialize success



aswMBR Log File

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 16:12:19
-----------------------------
16:12:19.562 OS Version: Windows 5.1.2600 Service Pack 3
16:12:19.562 Number of processors: 2 586 0x403
16:12:19.562 ComputerName: Study UserName:
16:12:20.187 Initialize success
16:14:01.578 AVAST engine defs: 12111201
16:14:24.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
16:14:24.078 Disk 0 Vendor: WDC_WD2500JS-60MHB1 10.02E02 Size: 238475MB BusType: 3
16:14:24.093 Disk 0 MBR read successfully
16:14:24.109 Disk 0 MBR scan
16:14:24.140 Disk 0 unknown MBR code
16:14:24.156 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8714 MB offset 63
16:14:24.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229749 MB offset 17848215
16:14:24.187 Disk 0 scanning sectors +488376000
16:14:24.265 Disk 0 scanning C:\WINDOWS\system32\drivers
16:14:36.187 Service scanning
16:14:56.421 Modules scanning
16:15:00.953 Disk 0 trace - called modules:
16:15:01.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:15:01.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8633dab8]
16:15:01.062 3 CLASSPNP.SYS[f754efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8637ed98]
16:15:01.734 AVAST engine scan C:\WINDOWS
16:15:29.125 AVAST engine scan C:\WINDOWS\system32
16:20:50.203 AVAST engine scan C:\WINDOWS\system32\drivers
16:21:17.281 AVAST engine scan C:\Documents and Settings\Administrator
16:22:50.953 AVAST engine scan C:\Documents and Settings\All Users
16:26:53.734 Scan finished successfully
16:29:41.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
16:29:41.453 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR Brandage.txt"

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f2609cd08f879743a82d47cd6bad9bdf
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-12 11:59:20
# local_time=2012-11-12 05:59:20 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776550 42 92 0 5456098 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134790
# found=2
# cleaned=2
# scan_time=4837
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\3095\RpcPing.exe
a variant of Win32/Kryptik.AONP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\W206JO8U\e50a02c811e82c1352674433[1].exe
a variant of Win32/Kryptik.AONP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: Study [administrator]

Protection: Enabled

11/12/2012 7:31:33 PM
malwarebytes-log-2012-11-12 (22-05-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348197
Time elapsed: 2 hour(s), 9 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by HP_Administrator (administrator) on 13-11-2012 at 08:36:00
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 168.94.74.68:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Study
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-14-2A-B7-C5-28
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::214:2aff:feb7:c528%4
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Tuesday, November 13, 2012 8:02:56 AM
Lease Expires . . . . . . . . . . : Tuesday, November 13, 2012 10:02:56 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-00-64
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.100%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 74.125.140.139, 74.125.140.101, 74.125.140.102, 74.125.140.138
74.125.140.100, 74.125.140.113


Pinging google.com [74.125.137.101] with 32 bytes of data:

Reply from 74.125.137.101: bytes=32 time=37ms TTL=47
Reply from 74.125.137.101: bytes=32 time=33ms TTL=47

Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 37ms, Average = 35ms
DNS request timed out.
timeout was 2 seconds.
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=70ms TTL=48
Reply from 98.138.253.109: bytes=32 time=80ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 80ms, Average = 75ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 2a b7 c5 28 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.100 192.168.0.100 30
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 02 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 03 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 04 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 05 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 06 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll [73728] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/13/2012 07:11:42 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:42 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 passthrough, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:41 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:41 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:40 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:40 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:39 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8904.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/13/2012 07:11:33 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 0.0.0.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/12/2012 10:27:31 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (11/12/2012 07:28:05 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/13/2012 07:11:23 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (11/13/2012 07:11:23 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (11/13/2012 07:11:22 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%838

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error:
%%1070

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service hung on starting.

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
SRTSPX
SymDS
SymEFA
SymIRON
SYMTDI

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service hung on starting.

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service hung on starting.

Error: (11/13/2012 07:07:21 AM) (Source: Service Control Manager) (User: )
Description: The IPv6 Helper Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (11/13/2012 07:11:42 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.1.522.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (11/13/2012 07:11:42 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0passthrough1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:41 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:41 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:40 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:40 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:39 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8904.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/13/2012 07:11:33 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout0.0.0.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (11/12/2012 10:27:31 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (11/12/2012 07:28:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 7.0.8 (Version: 7.0.8)
Agatha Christie: Dead Mans Folly (remove only)
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan_CDA (Version: 50.0.214.000)
AiOSoftwareNPI (Version: 50.0.214.000)
Alchemy Deluxe 1.6
Altavista Toolbar
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
ATI Control Panel (Version: 6.14.10.5166)
ATI Display Driver (Version: 8.17-050813a1-025991C-HP)
Big Fish Games: Game Manager (Version: 1.5.1.0)
Bonjour (Version: 1.0.102)
BufferChm (Version: 53.0.13.000)
CalorieKing Nutrition and Exercise Manager (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
cp_LightScribeConfig (Version: 53.0.24.000)
cp_LightScribePlugin (Version: 53.0.24.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
CueTour (Version: 53.0.13.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Deal Info (Version: 2005.2.118.0)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DISCover (Version: 3.21)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
EarthLink Accelerator (Version: 5.0.1.1054)
EarthLink FastLane (Version: 5.5.100.115)
EarthLink MailBox (Version: 2005.2.108.0)
EarthLink Software (Version: 2005.2.118.0)
EarthLink Toolbar (Version: 2.2.59.0)
EarthLink Wireless High Speed (Version: 1.4.1221)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Fax_CDA (Version: 50.0.214.000)
GdiplusUpgrade (Version: 1.00.01)
GemMaster Mystic
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.123)
GoToAssist Corporate (Version: 9.1.0.615)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 2.0.5.1)
HP Deskjet 5400 series (Version: 5.0)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 1.2)
HP Document Viewer 5.3 (Version: 5.3)
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone Express (Version: 1.5.1.29)
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Product Detection (Version: 11.14.0001)
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Update (Version: 5.003.001.001)
HPDeskjet5400Series (Version: 1.00.0000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 53.0.13.000)
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.896)
iWin Games (remove only)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Jewel Quest 2 (remove only)
LightScribe 1.4.52.1 (Version: 1.4.52.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Moto Helper Service (Version: 5.5)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mototools Software Update (Version: 3.4.8)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.5 (Version: 4.50.050)
muvee autoProducer unPlugged 1.2 (Version: 1.20.100)
Myst III: Exile
NewCopy_CDA (Version: 50.0.214.000)
Otto
PanoStandAlone (Version: 53.0.13.000)
PC-Doctor 5 for Windows (Version: 5.00.3187.03)
PhotoGallery (Version: 53.0.13.000)
Picasa 3 (Version: 3.8)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.2.7)
QuickTime
RandMap (Version: 53.0.13.000)
Realtek High Definition Audio Driver (Version: 2.05)
Redistributed Files (Version: 2.0.46.0)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SkinsHP1 (Version: 53.0.13.000)
SolutionCenter (Version: 50.0.152.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.4)
Sonic RecordNow Copy (Version: 2.0.4)
Sonic RecordNow Data (Version: 2.0.4)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
Status (Version: 53.0.13.000)
TotalAccess Core Applications (Version: 2005.2.118.0)
TrayApp (Version: 53.0.13.000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.1779)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0311)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0227)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2894)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0463)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Basic 2005
TurboTax Basic 2006
TurboTax Basic 2007
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Unity Web Player (Version: )
Unload (Version: 5.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
WexTech AnswerWorks (Version: 1.00.000)
Windows Defender Signatures (Version: 1.20.1459.12)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 959.36 MB
Available physical RAM: 258.73 MB
Total Pagefile: 2312.26 MB
Available Pagefile: 1696.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.99 MB

========================= Partitions: =====================================

2 Drive c: (HP_PAVILION) (Fixed) (Total:224.37 GB) (Free:181.54 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:8.5 GB) (Free:1.11 GB) FAT32

========================= Users: ========================================

User accounts for \\Study

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904

========================= Restore Points ==================================

13-11-2012 01:29:46 System Checkpoint
13-11-2012 01:44:29 Software Distribution Service 3.0

**** End of log ****

Farbar Scanner Service

Farbar Service Scanner Version: 09-11-2012
Ran by HP_Administrator (administrator) on 13-11-2012 at 08:47:03
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(12) Tcpip(3) Tcpip6(9)
0x0B0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Adware Cleaner

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 08:50:20
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - Study
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\iWin

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1125 octets] - [13/11/2012 08:50:20]

########## EOF - C:\AdwCleaner[S1].txt - [1185 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.6 (11.12.2012)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Tue 11/13/2012 at 9:11:16.87
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/13/2012 at 9:18:31.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 17 November 2012 - 03:16 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#5 Brandage
  • Topic Starter

  • Members
  • 5 posts

Posted 19 November 2012 - 10:40 PM

Here are the Rkill and Autoruns.txt files. The Rkill file is pretty obvious, but the Autoruns.txt looks very tough to read in txt form.

Thanks for your help.


RKILL

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/19/2012 09:20:06 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/19/2012 09:21:16 PM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)

AUTORUNS.TXT

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "KBD" "KBD EXE" "Hewlett-Packard Company" "c:\hp\kbd\kbd.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "QuickTime Task" "" "Apple Computer, Inc." "c:\program files\quicktime\qttask.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "TkBellExe" "" "" "File not found: C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Adobe Reader Speed Launch.lnk" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "E6TaskPanel" "" "EarthLink, Inc." "c:\program files\earthlink totalaccess\taskpanl.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "Uniblue Registry Booster2" "" "" "File not found: C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S"
+ "updateMgr" "Adobe Update Manager" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe"
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/html" "" "" "File not found: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\msmonitor."
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "Altavista Toolbar" "Altavista Toolbar from altavista.com " "Overture Services, Inc. " "c:\program files\altavista\altavista.dll"
+ "CNavExtBho Class" "" "" "File not found: C:\Program Files\Norton AntiVirus\NavShExt.dll"
+ "ElnkLegacyUninstBHO Class" "uninsttb" "EarthLink, Inc." "c:\program files\earthlink totalaccess\toolbar\uninsttb.dll"
+ "ElnkProtectionBHO Class" "ProtcIE" "EarthLink, Inc." "c:\program files\earthlink totalaccess\toolbar\protctie.dll"
+ "ElnkPubBHO Class" "Earthlink PopupBlocker" "EarthLink, Inc." "c:\program files\earthlink totalaccess\toolbar\elnkpub.dll"
+ "ElnkScamBHO Class" "Earthlink ScamBlocker" "EarthLink, Inc." "c:\program files\earthlink totalaccess\toolbar\escamblk.dll"
+ "Google Toolbar Helper" "Google IE Client Toolbar" "Google Inc." "c:\program files\google\googletoolbar3.dll"
+ "IE_PopupBlocker Class" "prpl_IePopupBlocker Module" "Propel Software Corporation" "c:\program files\earthlink totalaccess\accelerator\prpl_iepopupblocker.dll"
+ "IEHlprObj Class" "iWin Games manager helper for IE" "iWin Inc." "c:\program files\iwin games\iwingameshookie.dll"
+ "Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "SrchHook Class" "" "EarthLink, Inc." "c:\program files\earthlink totalaccess\elnie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ " " "Altavista Toolbar from altavista.com " "Overture Services, Inc. " "c:\program files\altavista\altavista.dll"
+ "&Google" "Google IE Client Toolbar" "Google Inc." "c:\program files\google\googletoolbar3.dll"
+ "EarthLink Toolbar" "Toolbar" "EarthLink, Inc." "c:\program files\earthlink totalaccess\toolbar\toolbar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Connection Help" "" "" "c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm"
+ "Sun Java Console" "Java Plug-in 1.5.0_05 for Netscape Navigator (DLL Helper)" "Sun Microsystems, Inc." "c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" "" "" "c:\program files\common files\sonic shared\sonic central\main\mediahub.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "MotoHelper MUM.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Routing.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Update.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration." "Apple Computer, Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CA_LIC_CLNT" "CA License Client" "Computer Associates International Inc." "c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe"
+ "EarthLinkMonitor" "wmonitor Module" "Boingo Wireless, Inc." "c:\program files\earthlink totalaccess\wengine\wmonitor.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "iWinTrusted" "iWin Trusted Game Service" "iWin Inc." "c:\program files\iwin games\iwintrusted.exe"
+ "KodakCCS" "" "" "File not found: C:\WINDOWS\system32\drivers\KodakCCS.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "LogWatch" "Event Log Watch" "Computer Associates" "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MotoHelper" "MotoHelper Service" "" "c:\program files\motorola\motohelper\motohelperservice.exe"
+ "MotoHelper.exe" "Motorala Helper for Phone Support" "Motorola" "c:\program files\motorola\moto helper service\motohelper.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NIS" "Norton Internet Security" "" "File not found: C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\spool\drivers\w32x86\3\hpzipm12.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "BHDrvx86" "SONAR Engine Driver" "" "File not found: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110901.001\BHDrvx86.sys"
+ "BW2NDIS5" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\drivers\bw2ndis5.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "ftsata2" "" "" "File not found: system32\DRIVERS\ftsata2.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "iaStor" "Intel Matrix Storage Manager driver" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IDSxpx86" "Symantec Intrusion Prevention Driver" "" "File not found: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110909.030\IDSxpx86.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "motccgp" "" "" "File not found: system32\DRIVERS\motccgp.sys"
+ "motccgpfl" "" "" "File not found: system32\DRIVERS\motccgpfl.sys"
+ "MotDev" "" "" "File not found: system32\DRIVERS\motodrv.sys"
+ "motmodem" "" "" "File not found: system32\DRIVERS\motmodem.sys"
+ "NAVENG" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110911.002\NAVENG.SYS"
+ "NAVEX15" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110911.002\NAVEX15.SYS"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ps2" "PS2 SYS" "Hewlett-Packard Company" "c:\windows\system32\drivers\ps2.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtlnicxp.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SRTSP" "" "" "File not found: C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS"
+ "SRTSPX" "" "" "File not found: C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS"
+ "SymDS" "" "" "File not found: system32\drivers\NIS\1206000.01D\SYMDS.SYS"
+ "SymEFA" "" "" "File not found: system32\drivers\NIS\1206000.01D\SYMEFA.SYS"
+ "SymIRON" "" "" "File not found: C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS"
+ "SYMTDI" "" "" "File not found: C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\windows\system32\lcodccmp.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DirectShow Tap" "Sonic DirectShow Tap Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\directshowtap.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP Frame Grabber Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP MPEG-1 Encoder" "Videotoolkit - Directshow Filters" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Resize Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Rotate Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.32319" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "Intervideo CDSF Filter" "Bouncing Ball Filter (Sample)" "Microsoft Corporation" "c:\program files\intervideo\common\bin\ivicdsf.ax"
+ "InterVideo Navigator" "IVINAV LOGID.32319" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.32319" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "LEAD MCMP/MJPEG Codec" "" "" "File not found: C:\WINDOWS\SYSTEM\LCODCCMP.DLL"
+ "LEAD MCMP/MJPEG Decoder" "" "" "File not found: C:\WINDOWS\SYSTEM\LCODCCMP.DLL"
+ "MainConcept MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcesmpeg.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcspmpeg.ax"
+ "MainConcept MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RTStreamSink" "RTStream Sink Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\rtstreamsink.ax"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Audio Depth Converter" "AudioDepthConverter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\audiodepthconverter.ax"
+ "Sonic Cinemaster MPEG Splitter" "Sonic MPEG Splitter" "" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\sonicmpegsplitter.dll"
+ "Sonic MPEG Audio Decoder" "SonicMPEGAudio" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\sonicmpegaudio.dll"
+ "Sonic MPEG Video Decoder" "SonicMPEGVideo" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - hpd\sonicmpegvideo.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
+ "GoToAssist" "Citrix Online GoToAssist Corporate" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2awinlogon.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\WINDOWS\system32\GPhotos.scr" "Google Photos Screensaver" "Google Inc." "c:\windows\system32\gphotos.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000002" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000003" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000004" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000005" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000006" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
+ "000000000031" "" "" "c:\program files\earthlink totalaccess\accelerator\prplsf.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Computer, Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "PCL Language Monitor" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l3xu.dll"
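The tail of the log above enumerates the classic persistence and injection points on a Windows box: Winlogon notification DLLs (loaded into winlogon.exe as SYSTEM), Winsock protocol and namespace providers (loaded into every process that opens a socket), print monitors (loaded by the spooler service) and the user's screensaver. The following PowerShell is an added example, not code from the thread or from any of the tools it mentions; it walks the same registry locations and reports each module with its Authenticode signature status so a reviewer can see at a glance which entries deserve a manual look. It assumes a 32-bit Windows XP/Vista/7 install with PowerShell 2.0 or later, run from an elevated prompt; the function and variable names are mine.

```powershell
# Added example, not part of the original thread: walk the persistence
# locations the posted log lists and report each module's signature status.
# Assumptions: 32-bit Windows XP/Vista/7, PowerShell 2.0+, elevated prompt.

function Test-Module {
    param([string]$Location, [string]$Path)
    # Registry values may contain %SystemRoot% or quotes; normalise first.
    $full = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    # Print monitors (and some providers) store only a file name: resolve to system32.
    if (-not [IO.Path]::IsPathRooted($full)) {
        $full = Join-Path (Join-Path $env:SystemRoot 'system32') $full
    }
    $status = 'Missing'; $signer = ''
    if (Test-Path -LiteralPath $full) {
        $sig = Get-AuthenticodeSignature -FilePath $full
        $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    New-Object PSObject -Property @{
        Location = $Location; Path = $full; Signature = $status; Signer = $signer
    }
}

$findings = @()

# 1. Winlogon\Notify: each subkey's DLLName is loaded into winlogon.exe at logon.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($key in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $key.PSPath).DLLName
        if ($dll) { $findings += Test-Module "Winlogon\Notify\$($key.PSChildName)" $dll }
    }
}

# 2. Winsock protocol catalog (LSPs). The DLL path is the first NUL-terminated
#    ANSI string inside the REG_BINARY PackedCatalogItem value.
$ws = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
foreach ($key in Get-ChildItem "$ws\Protocol_Catalog9\Catalog_Entries") {
    $raw = (Get-ItemProperty $key.PSPath).PackedCatalogItem
    if ($raw) {
        $end = [Array]::IndexOf($raw, [byte]0)
        if ($end -lt 0) { $end = $raw.Length }
        $path = [Text.Encoding]::Default.GetString($raw, 0, $end)
        $findings += Test-Module "Protocol_Catalog9\$($key.PSChildName)" $path
    }
}

# 3. Winsock namespace providers (NSPs): LibraryPath is a plain string value.
foreach ($key in Get-ChildItem "$ws\NameSpace_Catalog5\Catalog_Entries") {
    $lib = (Get-ItemProperty $key.PSPath).LibraryPath
    if ($lib) { $findings += Test-Module "NameSpace_Catalog5\$($key.PSChildName)" $lib }
}

# 4. Print monitors: Driver names a DLL the spooler service loads.
foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors') {
    $drv = (Get-ItemProperty $key.PSPath).Driver
    if ($drv) { $findings += Test-Module "Print\Monitors\$($key.PSChildName)" $drv }
}

# 5. Current user's screensaver: executed as the user after the idle timeout.
$scr = (Get-ItemProperty 'HKCU:\Control Panel\Desktop').'SCRNSAVE.EXE'
if ($scr) { $findings += Test-Module 'HKCU Scrnsave.exe' $scr }

# Unsigned, tampered (HashMismatch) or missing modules sort to the top.
$findings | Sort-Object Signature | Format-Table Location, Signature, Signer, Path -AutoSize
```

Read the output the way the advisor reads the log: a signature status of Valid from a vendor that matches the product installed is what "looks good" means, while NotSigned or HashMismatch in one of these locations, or a path under a temp or profile directory, is what to chase. An unsigned entry is not proof of malware (plenty of OEM and third-party filters from that era shipped unsigned), and a valid signature is not proof of innocence, so treat the table as a worklist, not a verdict.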

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:21 PM

Posted 19 November 2012 - 10:48 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore. It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs at once.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
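The restore point step in the post above (turn System Restore off, turn it back on, create a fresh point) is usually done through the GUI linked there. As an added example that is not from the post or from Microsoft's documentation, the same three steps can be scripted from an elevated PowerShell through the SystemRestore WMI class in the root\default namespace, which exists on XP, Vista and 7. It assumes the system drive is C: and that the shell is elevated; the description string and the function name are mine.

```powershell
# Added example, not part of the original thread: the "off, on, new restore
# point" procedure via the SystemRestore WMI class. Disabling System Restore
# discards every existing restore point on the drive, which is the intent here:
# old points may contain the infected files. Assumption: system drive is C:,
# shell is elevated (required on Vista/7).

$drive = 'C:\'
$sr = [wmiclass]'\\.\root\default:SystemRestore'

function Get-RestorePoints {
    # Each SystemRestore instance is one restore point.
    Get-WmiObject -Namespace root\default -Class SystemRestore |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}

Write-Host 'Restore points before:'
Get-RestorePoints | Format-Table -AutoSize

# 1. Turn System Restore off: this deletes all restore points on the drive.
$rc = $sr.Disable($drive).ReturnValue
if ($rc -ne 0) { throw "Disable failed, return code $rc" }

# 2. Turn it back on; WaitTillEnabled = $true blocks until the service is ready.
$rc = $sr.Enable($drive, $true).ReturnValue
if ($rc -ne 0) { throw "Enable failed, return code $rc" }

# 3. Create a clean restore point.
#    RestorePointType 12 = MODIFY_SETTINGS, EventType 100 = BEGIN_SYSTEM_CHANGE.
$rc = $sr.CreateRestorePoint('Clean after FBI/Moneypak removal', 12, 100).ReturnValue
if ($rc -ne 0) { throw "CreateRestorePoint failed, return code $rc" }

Write-Host 'Restore points after:'
Get-RestorePoints | Format-Table -AutoSize
```

After the script runs, the "after" table should list exactly one point carrying the new description; if older entries survive, System Restore was not actually disabled (usually a missing elevation). On Windows 8 and later, which the post does not cover, CreateRestorePoint is throttled to one point per 24 hours by default, so the same script would need the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore set to 0 first.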


