
services.exe 100% cpu


  • This topic is locked
32 replies to this topic

#1 joepal

joepal

  • Members
  • 24 posts
  • Gender:Male
  • Location:White Plains NY

Posted 27 May 2013 - 05:03 AM

I'm at wit's end. services.exe running at 100% CPU all the time in the normal mode. 50 to 70% in safe mode. I've scanned using Avira, Spybot, Malwarebytes, TDSSKiller, SUPERAntiSpyware and ran ComboFix. Any thoughts to resolve this? Thanks! Sorry about the ComboFix log, I couldn't help myself, thought I could fix the problem on my own!
 
 
Logfile of HijackThis v1.99.1
Scan saved at 3:13:53 PM, on 5/26/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Joseph Palatucci\My Documents\Downloads\avira_free_antivirus (1).exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\RarSFX1\avwebloader.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\avnwldrtemp\setup\presetup.exe
C:\Documents and Settings\Joseph Palatucci\Desktop\Clean Support & Repair\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: msconfig.lnk = C:\WINDOWS\SYSTEM32\rundll32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -   (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -   (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://www.*.honda.com
O15 - Trusted Zone: *.intuit.com
O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (13.0)) - http://aceonline.asicentral.com/ace/ltocx13n.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369387310640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356446473312
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
 
 
 
ComboFix 13-05-25.02 - Joseph Palatucci 05/26/2013  13:15:56.25.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.304 [GMT -4:00]
Running from: c:\documents and settings\Joseph Palatucci\My Documents\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-26 to 2013-05-26  )))))))))))))))))))))))))))))))
.
.
2013-05-24 02:31 . 2013-05-24 02:31 -------- d-----w- c:\documents and settings\Joseph Palatucci\Application Data\SUPERAntiSpyware.com
2013-05-23 09:34 . 2013-05-23 09:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-05-23 09:32 . 2013-05-23 09:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-23 09:32 . 2013-05-23 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-23 02:29 . 2013-05-23 02:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-05-23 00:12 . 2013-05-23 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2013-05-22 23:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 23:52 . 2013-05-23 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\windows\system32\xircom
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\program files\microsoft frontpage
2013-05-22 21:48 . 2013-05-22 22:25 -------- d-----w- c:\windows\system32\wbem\mof
2013-05-22 21:14 . 2013-05-22 21:14 98992 ----a-w- c:\windows\system32\drivers\69764372.sys
2013-05-15 16:58 . 2013-05-23 02:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-15 00:59 . 2013-05-19 15:58 17613192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-05 19:21 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-05 19:21 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 15:58 . 2012-04-04 15:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 15:58 . 2011-06-17 15:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2004-02-06 23:05 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2003-07-15 21:01 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 1980-01-01 05:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 1980-01-01 05:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-04 14:32 . 2013-03-04 14:32 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-02-27 07:56 . 2002-08-29 10:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
.
c:\documents and settings\Joseph Palatucci\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\SYSTEM32\rundll32.exe [2002-8-29 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk.disabled]
path= 
backup=c:\windows\pss\Google Updater.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path= 
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk.disabled]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnk.disabledStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path= 
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 17:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-07-14 13:02 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 09:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 03:04 1087752 -c--a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 16:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\SYSTEM32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c98efd2ec61b98"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"szserver"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdatem"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"DSBrokerService"=3 (0x3)
"WANMiniportService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"SpybotSD TeaTimer"= 
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"DVDSentry"=c:\windows\System32\DSentry.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"= 
"dla"=c:\windows\system32\dla\tfswctrl.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HostManager"="c:\program files\Common Files\AOL\1120154090\ee\AOLSoftware.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 rrqru;rrqru;c:\windows\System32\drivers\hvjp.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [x]
R4 gupdate1c98efd2ec61b98;Google Update Service (gupdate1c98efd2ec61b98);c:\program files\Google\Update\GoogleUpdate.exe [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 15:36 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:58]
.
2013-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-05-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2013-04-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-16 22:00]
.
2013-05-24 c:\windows\Tasks\User_Feed_Synchronization-{F012BC2D-6554-4179-9F75-FFBAC6DAE3B6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: honda.com\www.*
Trusted Zone: intuit.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-26 13:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448257576-2347270504-1485716567-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448257576-2347270504-1485716567-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,39,76,5d,7b,05,44,87,71,17,74,8c,56,46,1e,e4,f0,28,48,d0,7a,9c,b0,
   80,70,fe,04,26,56,e0,ca,5e,55,dc,0b,38,61,a9,34,eb,87,a5,b1,8d,66,5c,6e,14,\
"??"=hex:79,82,4a,3a,c6,79,08,59,9b,a3,d0,6b,64,89,9b,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\System32\l3codeca.acm
c:\windows\System32\ctmp3.acm
.
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-05-26  13:52:56
ComboFix-quarantined-files.txt  2013-05-26 17:52
ComboFix2.txt  2013-05-22 23:14
ComboFix3.txt  2013-05-09 01:59
ComboFix4.txt  2012-10-17 17:53
ComboFix5.txt  2013-05-26 17:07
.
Pre-Run: 28,289,806,336 bytes free
Post-Run: 28,298,051,584 bytes free
.
- - End Of File - - 6C8D33AD2705D1C460C9838881C37C7E

Edited by Orange Blossom, 27 May 2013 - 11:24 AM.
Moved to log forum. ~ OB




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 May 2013 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
  • Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
====

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.


#3 joepal

joepal
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Location:White Plains NY

Posted 29 May 2013 - 12:21 PM

Thanks for your help and support. Below are the requested logs. The issue is not resolved. Please advise next steps. joe.
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Remove -- Date : 05/29/2013 11:53:06
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\81474378 (C:\WINDOWS\system32\drivers\69764372.sys) -> DELETED
[STARTUP][SUSP PATH] msconfig.lnk @Joseph Palatucci : C:\WINDOWS\SYSTEM32\rundll32.exe|C:\DOCUME~1\ALLUSE~1\APPLIC~1\4qgri.dat,FG00 [7] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 214a0ea60655085b3446fb0b3bae47a1
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_05292013_02d1153.txt >>
RKreport[1]_S_05292013_02d1151.txt ; RKreport[2]_D_05292013_02d1153.txt
 
 
 
# AdwCleaner v2.301 - Logfile created 05/29/2013 at 11:57:22
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - PC1
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Joseph Palatucci\Application Data\Mozilla\Firefox\Profiles\m6mgsvjt.default\searchplugins\search.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2pt373y7.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Joseph Palatucci\Application Data\Mozilla\Firefox\Profiles\m6mgsvjt.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ds6iv7uu.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\Viewpoint
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\S-1-5-21-448257576-2347270504-1485716567-1008\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\S-1-5-21-448257576-2347270504-1485716567-1008\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ds6iv7uu.default\prefs.js
 
Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
 
File : C:\Documents and Settings\Joseph Palatucci\Application Data\Mozilla\Firefox\Profiles\m6mgsvjt.default\prefs.js
 
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?o=20011&l=dis");
Deleted : user_pref("foxytunes.recent_players", "@foxytunes.org/FoxyTunes/WinAmp;1,@foxytunes.org/FoxyTunes/Wi[...]
Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?invocationType=bu10a[...]
Deleted : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=20011&l=dis");
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2pt373y7.default\prefs.js
 
Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
 
-\\ Google Chrome v27.0.1453.94
 
File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Joseph Palatucci\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [5470 octets] - [29/05/2013 11:57:22]
 
########## EOF - C:\AdwCleaner[S1].txt - [5530 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 05/29/2013 at 12:28:00.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\prefetch\APNSTUB.EXE-1F34187E.pf
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/29/2013 at 12:36:38.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/14/2004 10:59:23 PM
System Uptime: 5/29/2013 12:21:08 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0F4491
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 25.994 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP729: 4/8/2013 4:02:45 AM - Software Distribution Service 3.0
RP730: 4/9/2013 5:06:35 AM - System Checkpoint
RP731: 4/10/2013 5:32:24 AM - System Checkpoint
RP732: 4/11/2013 8:07:28 AM - Software Distribution Service 3.0
RP733: 4/12/2013 9:50:39 AM - System Checkpoint
RP734: 4/13/2013 1:47:57 PM - System Checkpoint
RP735: 4/14/2013 2:44:20 PM - System Checkpoint
RP736: 4/15/2013 12:20:33 AM - Installed TurboTax 2012 wrapper
RP737: 4/15/2013 12:46:11 AM - Installed TurboTax 2012 wnyiper
RP738: 4/15/2013 7:55:20 AM - Removed Full Tilt Poker
RP739: 4/15/2013 8:39:47 AM - Installed Driver Manager.
RP740: 4/15/2013 10:26:02 PM - Software Distribution Service 3.0
RP741: 4/16/2013 5:12:22 AM - DMX_DriverMax Driver Installation
RP742: 4/17/2013 6:10:52 AM - System Checkpoint
RP743: 4/18/2013 11:10:52 PM - System Checkpoint
RP744: 4/20/2013 12:08:46 AM - System Checkpoint
RP745: 4/21/2013 12:50:22 AM - System Checkpoint
RP746: 4/26/2013 12:15:02 PM - System Checkpoint
RP747: 4/27/2013 6:52:51 PM - System Checkpoint
RP748: 4/28/2013 8:12:24 PM - System Checkpoint
RP749: 4/30/2013 11:57:04 AM - System Checkpoint
RP750: 5/1/2013 4:59:30 PM - System Checkpoint
RP751: 5/2/2013 5:15:15 PM - System Checkpoint
RP752: 5/3/2013 5:16:21 PM - System Checkpoint
RP753: 5/4/2013 6:04:19 PM - System Checkpoint
RP754: 5/5/2013 6:37:34 PM - System Checkpoint
RP755: 5/6/2013 6:44:49 PM - System Checkpoint
RP756: 5/7/2013 6:50:22 PM - System Checkpoint
RP757: 5/8/2013 6:51:51 PM - System Checkpoint
RP758: 5/9/2013 7:20:33 PM - System Checkpoint
RP759: 5/10/2013 8:38:07 PM - System Checkpoint
RP760: 5/11/2013 8:56:59 PM - System Checkpoint
RP761: 5/12/2013 9:26:36 PM - System Checkpoint
RP762: 5/13/2013 10:29:38 PM - System Checkpoint
RP763: 5/19/2013 11:54:03 AM - Software Distribution Service 3.0
RP764: 5/22/2013 3:32:17 PM - System Checkpoint
RP765: 5/22/2013 6:20:20 PM - Restore Operation
RP766: 5/22/2013 6:28:35 PM - Restore Operation
.
==== Installed Programs ======================
.
A960ENG3
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
CCleaner
CDCheck
Company of Heroes - FAKEMSI
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V.9x 56K DF PCI Modem
Dell AIO Printer A960
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Networking Guide
Dell ResourceCD
Dell Solution Center
Dell Support
Dell Support Center
DellSupport
Digital Line Detect
DVDSentry
EZ Guitar Tabs
EZ Lyrics
Google Chrome
Google Earth
Google Update Helper
Graboid Video 2.2
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Intel® PRO Network Connections Drivers
Intel® PROSet
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 7 Update 7
Java Auto Updater
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.75.0.1300
MathPlayer
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Store Download Manager
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 6-9 Converter
MobileMe Control Panel
Modem Helper
MSN Gaming Zone
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NetWaiting
OGA Notifier 2.0.0048.0
Pacific Poker
PowerDVD 5.2
QuickBooks
QuickBooks Pro 2010
QuickTime
Remove Empty Directories version 2.2
Ricochet Lost Worlds
Safari
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spybot - Search & Destroy
SUPERAntiSpyware
SupportSoft Assisted Service
System Requirements Lab
TaxACT 2003
TaxACT New York 2003
TBS WMP Plug-in
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wnhiper
TurboTax 2010 wnycbpm
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
TweakNow PowerPack 2011
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
WebFldrs XP
WebIQ Client Software
WexTech AnswerWorks
Windows Defender Signatures
Windows Easy Transfer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/26/2013 1:04:38 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SASDIFSV SASKUTIL
5/26/2013 1:00:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/25/2013 7:42:19 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
5/25/2013 7:36:40 AM, error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/24/2013 4:49:34 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/23/2013 9:22:39 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate1c98efd2ec61b98 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
5/23/2013 8:36:48 AM, error: Service Control Manager [7022]  - The Intuit Update Service v4 service hung on starting.
5/23/2013 8:36:45 AM, error: Service Control Manager [7022]  - The Intuit Update Service service hung on starting.
5/23/2013 6:15:18 AM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
5/23/2013 6:02:45 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/23/2013 5:24:50 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/23/2013 10:06:43 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/23/2013 10:03:03 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avipbb avkmgr Fips intelppm SASDIFSV SASKUTIL ssmdrv
5/22/2013 9:54:41 PM, error: Service Control Manager [7034]  - The Seagate Dashboard Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:54:41 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/22/2013 9:54:32 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:54:13 PM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:54:08 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:54:03 PM, error: Service Control Manager [7034]  - The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:53:59 PM, error: Service Control Manager [7034]  - The Intuit Update Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:53:41 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/22/2013 9:53:36 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 9:18:42 AM, error: Service Control Manager [7011]  - Timeout (120000 milliseconds) waiting for a transaction response from the stisvc service.
5/22/2013 8:27:23 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
5/22/2013 8:23:49 PM, error: Service Control Manager [7000]  - The hardlock service failed to start due to the following error:  The system cannot find the file specified.
5/22/2013 8:23:44 PM, error: Service Control Manager [7000]  - The Haspnt service failed to start due to the following error:  The system cannot find the file specified.
5/22/2013 7:40:39 PM, error: Service Control Manager [7034]  - The SNMP Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 7:39:34 PM, error: Service Control Manager [7034]  - The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).
5/22/2013 6:50:12 PM, error: NetBT [4321]  - The name "MSHOME         :1d" could not be registered on the Interface with IP address 192.168.1.101. The machine with the IP address 192.168.1.112 did not allow the name to be claimed by this machine.
5/22/2013 6:14:20 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/22/2013 6:02:47 PM, error: WMPNetworkSvc [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
5/22/2013 11:26:22 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer PC3 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{59C0FE5E-F16B-47D2-8659. The master browser is stopping or an election is being forced.
5/22/2013 11:26:21 PM, error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/22/2013 10:29:04 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/22/2013 10:25:55 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\system32\NWC.CPL.manifest. Reference error message: The operation completed successfully. .
5/22/2013 10:25:55 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\WINDOWS\system32\NWC.CPL.manifest" on line 0.
5/22/2013 10:25:49 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avipbb avkmgr Fips intelppm ssmdrv
5/22/2013 10:25:49 PM, error: Service Control Manager [7003]  - The Simple Mail Transfer Protocol (SMTP) service depends on the following nonexistent service: IISADMIN
5/22/2013 10:22:55 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Administrator at 12:50:06 on 2013-05-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.305 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E3215F20-3212-11D6-9F8B-00D0B743919D} - <orphaned>
TB: MSN Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn toolbar\01.01.1629.0\en-us\msntb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Report] C:\AdwCleaner[S2].txt
mRun: [Dell AIO Printer A960] "c:\program files\dell aio printer a960\dlbfbmgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369387310640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356446473312
DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - hxxp://entimg.msn.com/client/msnediag3518.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{59C0FE5E-F16B-47D2-8659-B62944744F16} : DHCPNameServer = 167.206.251.129 167.206.251.130
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - <orphaned>
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: sclgntfy - wlnotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-22 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-29 40776]
.
=============== Created Last 30 ================
.
2013-05-29 16:27:34 -------- d-----w- c:\windows\ERUNT
2013-05-29 16:26:53 -------- dc----w- C:\JRT
2013-05-29 16:23:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2013-05-29 16:23:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2013-05-29 16:07:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-23 09:34:56 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2013-05-23 09:32:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-23 09:32:36 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-05-23 02:29:15 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2013-05-22 23:52:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 23:52:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 22:25:33 -------- d-----w- c:\windows\system32\wbem\mof\good
2013-05-22 22:25:33 -------- d-----w- c:\windows\system32\wbem\mof\bad
2013-05-22 22:23:47 -------- d-----w- c:\windows\system32\xircom
2013-05-22 22:23:47 -------- d-----w- c:\windows\system32\ime
2013-05-22 22:23:47 -------- d-----w- c:\windows\system32\drivers\disdn
2013-05-22 21:48:06 -------- d-----w- c:\windows\system32\wbem\mof
2013-05-22 21:14:23 98992 ----a-w- c:\windows\system32\drivers\69764372.sys
2013-05-15 16:58:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-15 00:59:33 17613192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-05 19:21:42 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-05 19:21:42 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
==================== Find3M  ====================
.
2013-05-19 15:58:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 15:58:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:57:42.75 ===============


#4 nasdaq

  • Malware Response Team

Posted 29 May 2013 - 01:02 PM


Looking better.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 joepal

  • Topic Starter

Posted 29 May 2013 - 04:41 PM

Here are the results, took hours to run. Issue still exists.

 

ComboFix 13-05-29.01 - Administrator 05/29/2013  15:06:00.26.2 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-29  )))))))))))))))))))))))))))))))
.
.
2013-05-29 16:27 . 2013-05-29 16:27 -------- d-----w- c:\windows\ERUNT
2013-05-29 16:26 . 2013-05-29 16:26 -------- dc----w- C:\JRT
2013-05-29 16:23 . 2013-05-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2013-05-29 16:23 . 2013-05-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2013-05-29 16:07 . 2013-05-29 16:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-23 09:34 . 2013-05-23 09:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-05-23 09:32 . 2013-05-23 09:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-23 09:32 . 2013-05-23 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-23 02:29 . 2013-05-23 02:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-05-23 00:12 . 2013-05-23 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2013-05-22 23:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 23:52 . 2013-05-23 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\windows\system32\xircom
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\program files\microsoft frontpage
2013-05-22 21:48 . 2013-05-22 22:25 -------- d-----w- c:\windows\system32\wbem\mof
2013-05-22 21:14 . 2013-05-22 21:14 98992 ----a-w- c:\windows\system32\drivers\69764372.sys
2013-05-15 16:58 . 2013-05-23 02:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-15 00:59 . 2013-05-19 15:58 17613192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-05 19:21 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-05 19:21 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 15:58 . 2012-04-04 15:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 15:58 . 2011-06-17 15:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2004-02-06 23:05 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2003-07-15 21:01 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 1980-01-01 05:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 1980-01-01 05:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-04 14:32 . 2013-03-04 14:32 10 ----a-w- c:\windows\Fonts\wfonts.key
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk.disabled]
path= 
backup=c:\windows\pss\Google Updater.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path= 
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk.disabled]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnk.disabledStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path= 
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 17:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-07-14 13:02 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 09:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 03:04 1087752 -c--a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 16:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\SYSTEM32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c98efd2ec61b98"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"szserver"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdatem"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"DSBrokerService"=3 (0x3)
"WANMiniportService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" -b
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"DVDSentry"=c:\windows\System32\DSentry.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"= 
"dla"=c:\windows\system32\dla\tfswctrl.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HostManager"="c:\program files\Common Files\AOL\1120154090\ee\AOLSoftware.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 rrqru;rrqru;c:\windows\System32\drivers\hvjp.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [x]
R4 gupdate1c98efd2ec61b98;Google Update Service (gupdate1c98efd2ec61b98);c:\program files\Google\Update\GoogleUpdate.exe [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 15:36 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:58]
.
2013-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-05-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2013-04-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-16 22:00]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F012BC2D-6554-4179-9F75-FFBAC6DAE3B6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mSearchURL = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-EZ Lyrics - c:\progra~1\Freeze.com\EZ Lyrics\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-29 16:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448257576-2347270504-1485716567-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,32,e4,df,68,a9,fe,40,95,91,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,32,e4,df,68,a9,fe,40,95,91,f1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\System32\l3codeca.acm
c:\windows\System32\ctmp3.acm
.
- - - - - - - > 'explorer.exe'(1012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-05-29  17:30:44
ComboFix-quarantined-files.txt  2013-05-29 21:30
ComboFix2.txt  2013-05-26 17:52
ComboFix3.txt  2013-05-22 23:14
ComboFix4.txt  2013-05-09 01:59
ComboFix5.txt  2013-05-29 18:51
.
Pre-Run: 27,884,044,288 bytes free
Post-Run: 27,894,259,712 bytes free
.
- - End Of File - - 869E6405FB97E739A7DD64599319253B


#6 joepal

  • Topic Starter

Posted 29 May 2013 - 10:31 PM

Here is the Security Check log. Also note that when I ran ComboFix there was no mention of the Recovery Console. Let me know if there was something else I should have done, thanks.
 
 
 Results of screen317's Security Check version 0.99.64  
 Windows XP Service Pack 3 x86   
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files. 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 Windows Defender Signatures   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 7  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 27.0.1453.93  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#7 nasdaq

  • Malware Response Team

Posted 30 May 2013 - 07:57 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 7

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.

===

If not using a Solid State Disk (SSD), I suggest you defrag your computer when you have some 2 hours of free time.

Any other issues with this computer?

p.s.
For your information.
Windows XP SP3 and Office 2003
Support Ends April 8, 2014

http://www.microsoft.com/en-us/windows/endofsupport.aspx

#8 joepal

  • Topic Starter

Posted 02 June 2013 - 12:25 PM

So, the issue is still not resolved. Also, I cannot install the update to Java. Internet Explorer will not boot up in the normal mode. Using Chrome I was able to download the Java update but it won't run. I was also able to download the update using IE in the safe mode. Then in the normal mode I tried to run the file but it won't run. services.exe is still taking all the CPU.



#9 nasdaq

  • Malware Response Team

Posted 02 June 2013 - 12:50 PM

Try this tool.

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scannable items except for CD-ROM drives.
  • Then please choose Security level: Recommended and perform the following actions.
    6zvqld.gif
  • Click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.


#10 joepal

  • Topic Starter

Posted 05 June 2013 - 08:43 AM

I was able to download the file but it won't install.



#11 nasdaq

  • Malware Response Team

Posted 05 June 2013 - 10:03 AM

Let's check the integrity of the file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12 joepal

  • Topic Starter

Posted 05 June 2013 - 10:20 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 11:11 on 05/06/2013 by Joseph Palatucci
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "services.exe"
C:\I386\SERVICES.EXE --a--c- 101376 bytes [03:10 15/04/2004] [10:00 29/08/2002] E3DF4A0252D287C44606EE55355E1623
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a--c- 110592 bytes [18:27 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [03:50 21/05/2008] [07:56 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\erdnt\cache\services.exe --a--c- 110592 bytes [02:57 19/10/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\ServicePackFiles\i386\services.exe -----c- 108544 bytes [07:56 04/08/2004] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\SYSTEM32\services.exe ------- 110592 bytes [10:00 29/08/2002] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe -----c- 110592 bytes [18:27 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
 
-= EOF =-


#13 joepal


Posted 05 June 2013 - 10:24 AM

I ran look in the safe mode. If it makes any difference let me know. Thanks.



#14 nasdaq


Posted 05 June 2013 - 10:38 AM

Open Notepad and copy/paste the text in the quote box below into it:
 
FCOPY::
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe | C:\WINDOWS\SYSTEM32\services.exe
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer normally.

Then post the resultant log.

Let me know if the problem persists.
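
The comparison behind the SystemLook check in posts #11 and #12 and the FCOPY source chosen in post #14, as an added example that is not part of the original thread: it parses the filefind lines from post #12 (copied verbatim) and compares every copy of services.exe against the live one. The function names are hypothetical, and matching MD5s only show that local copies are identical to each other, not that any of them is a known-good binary.

```python
import re

# Result lines copied verbatim from the SystemLook log in post #12.
SYSTEMLOOK_LOG = r"""
Searching for "services.exe"
C:\I386\SERVICES.EXE --a--c- 101376 bytes [03:10 15/04/2004] [10:00 29/08/2002] E3DF4A0252D287C44606EE55355E1623
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a--c- 110592 bytes [18:27 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [03:50 21/05/2008] [07:56 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\erdnt\cache\services.exe --a--c- 110592 bytes [02:57 19/10/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\ServicePackFiles\i386\services.exe -----c- 108544 bytes [07:56 04/08/2004] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\SYSTEM32\services.exe ------- 110592 bytes [10:00 29/08/2002] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe -----c- 110592 bytes [18:27 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
-= EOF =-
"""

LIVE_PATH = r"C:\WINDOWS\SYSTEM32\services.exe"  # the copy Windows actually runs

# <path> <7 attribute flags> <size> bytes [timestamp] [timestamp] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per result line; headers and separators are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"path": m["path"], "attrs": m["attrs"],
                            "size": int(m["size"]), "md5": m["md5"].upper()})
    return records


def compare_to_live(records, live_path=LIVE_PATH):
    """Split the other copies into identical-to-live and different-from-live."""
    live = next((r for r in records if r["path"].lower() == live_path.lower()), None)
    if live is None:
        raise ValueError("live copy not present in the log: " + live_path)
    same = [r for r in records if r is not live and r["md5"] == live["md5"]]
    different = [r for r in records if r["md5"] != live["md5"]]
    return live, same, different


def same_size_other_hash(live, different):
    """Copies with the live file's size but other content: worth a closer look."""
    return [r for r in different if r["size"] == live["size"]]


if __name__ == "__main__":
    live, same, different = compare_to_live(parse_filefind(SYSTEMLOOK_LOG))
    print("live:", live["md5"], live["size"])
    for r in same:
        print("  identical :", r["path"])
    for r in same_size_other_hash(live, different):
        print("  same size, different MD5:", r["path"], r["md5"])
```

On the log from post #12, the only copy with the live file's size but a different hash is the `$hf_mig$\KB956572` one, which is the file post #14 uses as the FCOPY source.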

#15 joepal


Posted 05 June 2013 - 11:58 AM

The problem still exists. Here is the ComboFix log.

 

ComboFix 13-05-25.02 - Joseph Palatucci 06/05/2013  12:01:10.27.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.274 [GMT -4:00]
Running from: c:\documents and settings\Joseph Palatucci\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joseph Palatucci\Desktop\CFScriptB-4.gif
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-05 14:56 . 2013-06-05 14:56 -------- d-----w- c:\windows\LastGood
2013-06-03 10:34 . 2013-06-03 16:31 133208 ----a-w- c:\windows\system32\drivers\98780763.sys
2013-05-31 02:51 . 2013-05-31 02:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-31 01:52 . 2013-05-31 01:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-05-29 16:27 . 2013-05-29 16:27 -------- d-----w- c:\windows\ERUNT
2013-05-29 16:26 . 2013-05-29 16:26 -------- dc----w- C:\JRT
2013-05-29 16:23 . 2013-05-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2013-05-29 16:23 . 2013-05-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2013-05-24 02:31 . 2013-05-24 02:31 -------- d-----w- c:\documents and settings\Joseph Palatucci\Application Data\SUPERAntiSpyware.com
2013-05-23 09:34 . 2013-05-23 09:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-05-23 09:32 . 2013-05-23 09:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-23 09:32 . 2013-05-23 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-23 02:29 . 2013-05-23 02:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-05-23 00:12 . 2013-05-23 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2013-05-22 23:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 23:52 . 2013-05-23 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\windows\system32\xircom
2013-05-22 22:23 . 2013-05-22 22:23 -------- d-----w- c:\program files\microsoft frontpage
2013-05-22 21:48 . 2013-05-22 22:25 -------- d-----w- c:\windows\system32\wbem\mof
2013-05-22 21:14 . 2013-05-22 21:14 98992 ----a-w- c:\windows\system32\drivers\69764372.sys
2013-05-15 16:58 . 2013-05-23 02:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-15 00:59 . 2013-05-19 15:58 17613192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 15:58 . 2012-04-04 15:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 15:58 . 2011-06-17 15:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2004-02-06 23:05 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2003-07-15 21:01 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
.
c:\documents and settings\Joseph Palatucci\Start Menu\Programs\Startup\
_uninst_98780763.lnk - c:\documents and settings\Joseph Palatucci\Local Settings\temp\_uninst_98780763.bat [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk.disabled]
path= 
backup=c:\windows\pss\Google Updater.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path= 
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^LimeWire On Startup.lnk.disabled]
path= 
backup=c:\windows\pss\LimeWire On Startup.lnk.disabledStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Palatucci^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path= 
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 17:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-07-14 13:02 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 09:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 03:04 1087752 -c--a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 16:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\SYSTEM32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c98efd2ec61b98"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"szserver"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdatem"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"DSBrokerService"=3 (0x3)
"WANMiniportService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"SpybotSD TeaTimer"= 
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"DVDSentry"=c:\windows\System32\DSentry.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"= 
"dla"=c:\windows\system32\dla\tfswctrl.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HostManager"="c:\program files\Common Files\AOL\1120154090\ee\AOLSoftware.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 rrqru;rrqru;c:\windows\System32\drivers\hvjp.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [x]
R4 gupdate1c98efd2ec61b98;Google Update Service (gupdate1c98efd2ec61b98);c:\program files\Google\Update\GoogleUpdate.exe [x]
S0 98780763;98780763;c:\windows\system32\DRIVERS\98780763.sys [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPOD_SERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 15:36 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:58]
.
2013-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 23:37]
.
2013-06-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2013-04-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-16 22:00]
.
2013-06-05 c:\windows\Tasks\User_Feed_Synchronization-{F012BC2D-6554-4179-9F75-FFBAC6DAE3B6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: honda.com\www.*
Trusted Zone: intuit.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 12:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448257576-2347270504-1485716567-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448257576-2347270504-1485716567-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,39,76,5d,7b,05,44,87,71,17,74,8c,56,46,1e,e4,f0,28,48,d0,7a,9c,b0,
   80,70,fe,04,26,56,e0,ca,5e,55,dc,0b,38,61,a9,34,eb,87,a5,b1,8d,66,5c,6e,14,\
"??"=hex:79,82,4a,3a,c6,79,08,59,9b,a3,d0,6b,64,89,9b,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\System32\l3codeca.acm
c:\windows\System32\ctmp3.acm
.
- - - - - - - > 'explorer.exe'(1496)
c:\windows\system32\WININET.dll
.
Completion time: 2013-06-05  12:38:13
ComboFix-quarantined-files.txt  2013-06-05 16:37
ComboFix2.txt  2013-05-29 21:30
ComboFix3.txt  2013-05-26 17:52
ComboFix4.txt  2013-05-22 23:14
ComboFix5.txt  2013-06-05 15:47
.
Pre-Run: 27,075,641,344 bytes free
Post-Run: 27,631,738,880 bytes free
.
- - End Of File - - 4F6F951486FAC7DE4C5A8DA32A4C40AE




