Infected XP Computer


  • This topic is locked
22 replies to this topic

#1 JakerADog

  • Members
  • 61 posts

Posted 31 May 2013 - 07:18 AM

Hi Everyone,

I have an infected IBM Thinkpad. The computer will not connect to the internet wirelessly. It does connect with an ethernet cable, but it is really slow. I uninstalled the antivirus with the thought of reinstalling it for a fresh copy. After I uninstalled it, it will not let me reinstall it. It gives me an error during setup. Any help would be appreciated.

Thank you for your support!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eric at 19:39:26 on 2013-05-30
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpgreetingrule1
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{D21F676E-0E4B-44D1-A666-75C5C3283D59} : DHCPNameServer = 10.0.1.1
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? DNINDIS5;DNINDIS5 NDIS Protocol Driver
R? vToolbarUpdater13.3.2;vToolbarUpdater13.3.2
R? WPN111;Wireless USB 2.0 Adapter with RangeMax Service
S? avgtp;avgtp
.
=============== File Associations ===============
.
.bat: <filetype is not registered>
.cmd: <filetype is not registered>
.com: <filetype is not registered>
.pif: <filetype is not registered>
.scr: <filetype is not registered>
.reg: <filetype is not registered>
.txt: <filetype is not registered>
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
.vbe: <filetype is not registered>
.vbs: <filetype is not registered>
.js: <filetype is not registered>
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-05-27 02:35:19    77824    ----a-w-    c:\windows\system32\athcfg11res.dll
2013-05-27 02:35:19    372736    ----a-w-    c:\windows\system32\athcfg11.dll
2013-05-27 02:35:19    36864    ----a-w-    c:\windows\system32\acs.exe
2013-05-27 02:35:19    233472    ----a-w-    c:\windows\system32\wgapi.dll
2013-05-27 02:35:19    233472    ----a-w-    c:\windows\system32\wcapi.dll
2013-05-27 02:34:56    472224    ----a-w-    c:\windows\system32\ar5211.sys
2013-05-27 02:34:56    --------    d-----w-    c:\program files\Lenovo
2013-05-27 02:34:32    1396835    ----a-w-    c:\windows\system32\AegisE5.dll
2013-05-27 02:34:32    118784    ----a-w-    c:\windows\system32\ATHCFG10.DLL
2013-05-27 02:34:18    77824    ----a-w-    c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-05-27 02:34:18    32768    ----a-w-    c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-05-27 02:34:18    225280    ----a-w-    c:\program files\common files\installshield\iscript\iscript.dll
2013-05-27 02:34:18    176128    ----a-w-    c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-05-27 02:34:17    614532    ----a-w-    c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-05-27 02:28:02    116224    -c--a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2013-05-27 02:28:01    23040    -c--a-w-    c:\windows\system32\dllcache\xrxwbtmp.dll
2013-05-27 02:28:00    18944    -c--a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2013-05-27 02:26:59    64605    -c--a-w-    c:\windows\system32\dllcache\vvoice.sys
2013-05-27 02:25:59    15232    -c--a-w-    c:\windows\system32\dllcache\streamip.sys
2013-05-27 02:24:59    23936    -c--a-w-    c:\windows\system32\dllcache\sccmusbm.sys
2013-05-27 02:23:59    259328    -c--a-w-    c:\windows\system32\dllcache\perm3dd.dll
2013-05-27 02:22:54    5504    -c--a-w-    c:\windows\system32\dllcache\mstee.sys
2013-05-27 02:21:58    34688    -c--a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2013-05-27 02:20:55    372824    -c--a-w-    c:\windows\system32\dllcache\iconf32.dll
2013-05-27 02:19:53    92160    -c--a-w-    c:\windows\system32\dllcache\fuusd.dll
2013-05-27 02:18:59    8704    -c--a-w-    c:\windows\system32\dllcache\dot4scan.sys
2013-05-27 02:17:56    8192    -c--a-w-    c:\windows\system32\dllcache\changer.sys
2013-05-27 02:16:58    871388    -c--a-w-    c:\windows\system32\dllcache\bcmdm.sys
2013-05-27 02:09:47    101888    -c--a-w-    c:\windows\system32\dllcache\adpu160m.sys
2013-05-27 00:56:46    943856    ----a-w-    C:\WindowsXP-KB894543-x86-Symbols-ENU.exe
2013-05-27 00:56:46    1372912    ----a-w-    C:\WindowsXP-KB894543-x86-ENU.exe
2013-05-27 00:26:14    --------    d-----w-    C:\FRST
.
==================== Find3M  ====================
.
2013-05-27 02:34:47    21275    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2013-05-27 00:58:22    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-27 00:58:22    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-03 01:28:00    115    ----a-w-    c:\windows\DeleteOnReboot.bat
.
============= FINISH: 19:40:06.37 ===============

.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
CCleaner
Defraggler
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
IBM ThinkPad Power Management Driver
IBM ThinkPad UltraNav Driver
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 35
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
QuickTime
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== End Of File ===========================

#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts

Posted 05 June 2013 - 07:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/496538 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 JakerADog

  • Topic Starter

  • Members
  • 61 posts

Posted 06 June 2013 - 09:26 PM

Yes, I am still waiting for help. I cannot connect to the Internet wirelessly, but it will connect by ethernet cable. I have run Malwarebytes and uninstalled my antivirus so I could reinstall a clean copy. When I try to reinstall the antivirus it crashes, I get a setup error.

Here are my DDS and attach logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eric at 21:13:32 on 2013-06-06
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpgreetingrule1
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? DNINDIS5;DNINDIS5 NDIS Protocol Driver
R? vToolbarUpdater13.3.2;vToolbarUpdater13.3.2
R? WPN111;Wireless USB 2.0 Adapter with RangeMax Service
S? avgtp;avgtp
.
=============== File Associations ===============
.
.bat: <filetype is not registered>
.cmd: <filetype is not registered>
.com: <filetype is not registered>
.pif: <filetype is not registered>
.scr: <filetype is not registered>
.reg: <filetype is not registered>
.txt: <filetype is not registered>
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
.vbe: <filetype is not registered>
.vbs: <filetype is not registered>
.js: <filetype is not registered>
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-05-27 02:35:19 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2013-05-27 02:35:19 372736 ----a-w- c:\windows\system32\athcfg11.dll
2013-05-27 02:35:19 36864 ----a-w- c:\windows\system32\acs.exe
2013-05-27 02:35:19 233472 ----a-w- c:\windows\system32\wgapi.dll
2013-05-27 02:35:19 233472 ----a-w- c:\windows\system32\wcapi.dll
2013-05-27 02:34:56 472224 ----a-w- c:\windows\system32\ar5211.sys
2013-05-27 02:34:56 -------- d-----w- c:\program files\Lenovo
2013-05-27 02:34:32 1396835 ----a-w- c:\windows\system32\AegisE5.dll
2013-05-27 02:34:32 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2013-05-27 02:34:18 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-05-27 02:34:18 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-05-27 02:34:18 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-05-27 02:34:18 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-05-27 02:34:17 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-05-27 02:28:02 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-05-27 02:28:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-05-27 02:28:00 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-05-27 02:26:59 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2013-05-27 02:25:59 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2013-05-27 02:24:59 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2013-05-27 02:23:59 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2013-05-27 02:22:54 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2013-05-27 02:21:58 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-05-27 02:20:55 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-05-27 02:19:53 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-05-27 02:18:59 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2013-05-27 02:17:56 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2013-05-27 02:16:58 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2013-05-27 02:09:47 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2013-05-27 00:56:46 943856 ----a-w- C:\WindowsXP-KB894543-x86-Symbols-ENU.exe
2013-05-27 00:56:46 1372912 ----a-w- C:\WindowsXP-KB894543-x86-ENU.exe
2013-05-27 00:26:14 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2013-05-27 02:34:47 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-05-27 00:58:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-27 00:58:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-03 01:28:00 115 ----a-w- c:\windows\DeleteOnReboot.bat
.
============= FINISH: 21:14:14.12 ===============

.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
CCleaner
Defraggler
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
IBM ThinkPad Power Management Driver
IBM ThinkPad UltraNav Driver
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 35
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
QuickTime
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== End Of File ===========================

#4 Larusso (Raggamuffin, Malware Response Team, 305 posts, Austria)

Posted 07 June 2013 - 05:23 AM

Hi there and sorry for the delay.

My name is Daniel and I will be assisting you with your malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently attending an evening school and working night shifts only, which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Please download Rkill by Grinler and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Win 7: Right-click on it and Run As Administrator.
    ( Not possible if you run the .com file )
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, or you will need to run the application again.

A logfile (rkill.txt) will be created on your desktop. Please post the contents in your next reply.

Download OTL to your Desktop.
  • Double click on the icon to run it.
  • In the Custom Scans/Fixes box paste this in:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please post both logfiles in your next reply.
regards,
Daniel

Bread for the world instead of bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please donate.

#5 JakerADog (Topic Starter, Members, 61 posts)

Posted 07 June 2013 - 08:06 PM

First off thanks for the help,
When I try to run Rkill it says "Windows cannot open this file: to open this file, Windows needs to know what program created it..."
I can either "use the web service to find the appropriate program" or "select the program from a list". I have not tried OTL yet.

#6 Larusso (Malware Response Team)

Posted 08 June 2013 - 04:47 AM

Hi there.
Did you try both files from Rkill? One should have an .exe extension and should run. Please let me know.
regards,
Daniel

#7 JakerADog (Topic Starter)

Posted 08 June 2013 - 10:37 AM

I was able to run the .exe file for Rkill, but when I run OTL I get a Windows error that the program has encountered a problem and needs to close, and they are sorry for the inconvenience.

Here is the rkill log

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/08/2013 08:13:58 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.bat did not exist and was recreated!

* HKLM\batfile\shell\edit\command "@" was changed.
It was reset to "%1" %*!

* HKLM\batfile\shell\print\command "@" was changed.
It was reset to "%1" %*!

* HKLM\Software\Classes\.com did not exist and was recreated!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost


Program finished at: 06/08/2013 08:14:46 AM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)
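
The Rkill log above reports that the HKLM\Software\Classes\.bat and .com keys were missing and that two batfile command values had been changed, which is the classic symptom of a file-association hijack: once the exefile/comfile/batfile "open" command is wrapped, every program launch runs the wrapper first. The Python script below is an added example (not from this thread and not Rkill's own code) of the check behind those log lines. It compares the three "open" commands against the Windows default `"%1" %*`, reports missing or redirected extension keys, and pulls out the path of any program that has wrapped itself around the default. The `SAMPLE_CLASSES` dictionary is constructed test data, including the hypothetical `wrapper.exe` path; the `read_from_registry` helper is the only part that touches a real registry and runs on Windows only.

```python
"""Check the exefile/comfile/batfile shell commands against Windows defaults.

Added example; not part of the thread and not Rkill's code. The registry
values in SAMPLE_CLASSES are constructed for the demo, including the
hypothetical wrapper.exe path.
"""
import re

# Default 'open' command for exefile, comfile and batfile on Windows XP.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Extension -> ProgID it must map to under HKLM\Software\Classes.
EXPECTED_PROGIDS = {".exe": "exefile", ".com": "comfile", ".bat": "batfile"}

# A hijacked command keeps the default tail and prepends a program:
#   "C:\path\to\wrapper.exe" "%1" %*
WRAPPER_RE = re.compile(r'^\s*"?([^"]+?)"?\s+"%1"\s*%\*\s*$')


def check_associations(classes):
    """Return (key, problem) findings for a dict modelling HKLM\\Software\\Classes.

    Keys are either an extension (".bat" -> its ProgID) or a command key
    ("batfile\\shell\\open\\command" -> its default value). A missing
    extension key, a wrong ProgID, or an open command that is not exactly
    the default is reported; an empty list means the associations are intact.
    """
    findings = []
    for ext, progid in EXPECTED_PROGIDS.items():
        actual = classes.get(ext)
        if actual is None:
            findings.append((ext, "missing; should map to %s" % progid))
        elif actual.lower() != progid:
            findings.append((ext, "maps to %r, expected %r" % (actual, progid)))
        cmd_key = "%s\\shell\\open\\command" % progid
        cmd = classes.get(cmd_key)
        if cmd is None:
            findings.append((cmd_key, "missing; should be %s" % DEFAULT_OPEN_COMMAND))
        elif cmd.strip() != DEFAULT_OPEN_COMMAND:
            findings.append((cmd_key, "changed to %r" % cmd))
    return findings


def extract_wrapper(command):
    """Return the program wrapped around "%1" %*, or None for the plain default."""
    m = WRAPPER_RE.match(command)
    return m.group(1) if m else None


def read_from_registry():
    """Windows only: read the same keys live from HKLM\\Software\\Classes."""
    import winreg  # standard library on Windows; absent elsewhere
    classes = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"Software\Classes") as root:
        for ext, progid in EXPECTED_PROGIDS.items():
            for sub in (ext, progid + r"\shell\open\command"):
                try:
                    with winreg.OpenKey(root, sub) as key:
                        classes[sub] = winreg.QueryValueEx(key, "")[0]
                except OSError:
                    pass  # key absent: check_associations reports it
    return classes


# Constructed sample: .exe and .com intact, .bat key missing and the
# batfile command wrapped by a hypothetical program (not a real path).
SAMPLE_CLASSES = {
    ".exe": "exefile",
    "exefile\\shell\\open\\command": '"%1" %*',
    ".com": "comfile",
    "comfile\\shell\\open\\command": '"%1" %*',
    "batfile\\shell\\open\\command":
        '"C:\\Documents and Settings\\User\\Application Data\\wrapper.exe" "%1" %*',
}

if __name__ == "__main__":
    for key, problem in check_associations(SAMPLE_CLASSES):
        wrapper = extract_wrapper(SAMPLE_CLASSES.get(key, ""))
        extra = "  [wrapper: %s]" % wrapper if wrapper else ""
        print("%-32s %s%s" % (key, problem, extra))
```

Run on the sample it flags the missing .bat key and the wrapped batfile command and names the wrapper; on a Windows machine, `check_associations(read_from_registry())` performs the same comparison against the live hive, which is the state Rkill resets when it finds deviations.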

#8 Larusso (Malware Response Team)

Posted 08 June 2013 - 01:16 PM

Download & SAVE to your Desktop RogueKiller for 32bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Launch RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Then Click on Scan button.
  • Wait until the Status box shows "Scan Finished".
  • Click on Delete.
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

regards,
Daniel

#9 JakerADog (Topic Starter)

Posted 08 June 2013 - 02:59 PM

There were 2 logs for that one.


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Scan -- Date : 06/08/2013 14:39:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b5f654e614ae6639c2b204da54b125b9
[BSP] 15ff7bddd55e6432223993c5ca6e73df : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06082013_02d1439.txt >>
RKreport[1]_S_06082013_02d1439.txt




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Remove -- Date : 06/08/2013 14:40:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b5f654e614ae6639c2b204da54b125b9
[BSP] 15ff7bddd55e6432223993c5ca6e73df : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06082013_02d1440.txt >>
RKreport[1]_S_06082013_02d1439.txt ; RKreport[2]_D_06082013_02d1440.txt

#10 Larusso (Malware Response Team)

Posted 08 June 2013 - 03:20 PM

This log looks good to me, but there are still unregistered data types.


Download ComboFix from this location:

Link 1


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
regards,
Daniel

#11 JakerADog (Topic Starter)

Posted 09 June 2013 - 08:33 AM

combofix log

 

ComboFix 13-06-08.02 - Eric 06/09/2013   8:04.1.1 - x86
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-05-27 02:35 . 2005-11-22 21:20 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2013-05-27 02:35 . 2005-11-22 21:20 372736 ----a-w- c:\windows\system32\athcfg11.dll
2013-05-27 02:35 . 2005-11-22 21:20 36864 ----a-w- c:\windows\system32\acs.exe
2013-05-27 02:35 . 2005-11-22 21:20 233472 ----a-w- c:\windows\system32\wgapi.dll
2013-05-27 02:35 . 2005-11-22 21:20 233472 ----a-w- c:\windows\system32\wcapi.dll
2013-05-27 02:34 . 2013-05-27 02:34 -------- d-----w- c:\program files\Lenovo
2013-05-27 02:34 . 2007-05-02 14:54 472224 ----a-w- c:\windows\system32\ar5211.sys
2013-05-27 02:34 . 2013-05-27 02:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2013-05-27 02:34 . 2005-11-22 21:20 1396835 ----a-w- c:\windows\system32\AegisE5.dll
2013-05-27 02:34 . 2005-08-31 20:55 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2013-05-27 02:34 . 2013-05-27 02:34 -------- d-----w- c:\program files\Common Files\InstallShield
2013-05-27 02:28 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-05-27 02:28 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-05-27 02:28 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-05-27 02:26 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2013-05-27 02:25 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2013-05-27 02:24 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2013-05-27 02:23 . 2008-04-14 00:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2013-05-27 02:22 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2013-05-27 02:21 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-05-27 02:20 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-05-27 02:19 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-05-27 02:18 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2013-05-27 02:17 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2013-05-27 02:16 . 2008-04-13 18:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2013-05-27 02:09 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2013-05-27 00:56 . 2005-02-14 17:33 1372912 ----a-w- C:\WindowsXP-KB894543-x86-ENU.exe
2013-05-27 00:56 . 2005-02-14 17:32 943856 ----a-w- C:\WindowsXP-KB894543-x86-Symbols-ENU.exe
2013-05-27 00:26 . 2013-05-27 00:26 -------- d-----w- C:\FRST
2013-05-23 01:20 . 2013-05-23 01:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 02:34 . 2012-03-25 13:05 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-05-27 00:58 . 2012-04-01 17:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-27 00:58 . 2012-04-01 17:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-03 01:28 . 2013-04-03 01:27 115 ----a-w- c:\windows\DeleteOnReboot.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [x]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-15 26984]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-25 18:29 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:58]
.
2013-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 16:40]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 16:40]
.
2013-06-09 c:\windows\Tasks\User_Feed_Synchronization-{988BF6A3-32CF-4CB9-8D55-2003928C00C9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpgreetingrule1
uInternet Settings,ProxyOverride = *.local
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ProInst - c:\windows\Installer\iProInst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 08:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-06-09  08:11:44
ComboFix-quarantined-files.txt  2013-06-09 13:11
.
Pre-Run: 47,746,723,840 bytes free
Post-Run: 48,568,352,768 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9CFABBB1D207F7C18BB3B138D9481A69
8F558EB6672622401DA993E1E865C861
 



#12 Larusso (Malware Response Team)

Posted 09 June 2013 - 10:10 AM

Hi there.
Still unable to connect wirelessly?
Any problems when opening some .txt files?


Please download Farbar's Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards,
Daniel

#13 JakerADog (Topic Starter)

Posted 09 June 2013 - 11:47 AM

no wireless, only works with cable plugged in.  The icon for wireless is missing completely, so I went control panel and then network connections and I don't see any icons there at all. 

 

Here is FSS Log

 

Farbar Service Scanner Version: 14-04-2013
Ran by Eric (administrator) on 09-06-2013 at 11:45:08
Running from "E:\Tools"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x0B0000000600000001000000020000000300000004000000050000000A0000000700000008000000090000000B000000
IpSec Tag value is correct.

**** End of log ****
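
The "Extra List" at the end of the FSS log above is the part of the scan that explains the closing "IpSec Tag value is correct" line: FSS prints the Tag value of each network driver it cares about, followed by a REG_BINARY blob, and checks that the tag is contained in the blob. The Python below is an added example (not from this thread and not FSS's own code) that decodes that blob and repeats the check for every listed service rather than only IPSec. The hex string and the service/tag pairs are copied from the log above. It assumes, since FSS does not name the key in its output, that the blob is the value HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI and that it follows the standard GroupOrderList layout: a little-endian DWORD count followed by that many little-endian DWORD tags. A driver in that load group whose Tag is absent from the list does not start, which is one way networking breaks without any file being modified (note that every file in the "File Check" section reported a legitimate MD5).

```python
"""Decode the "Extra List" blob that Farbar Service Scanner prints.

Added example; not part of the thread and not FSS's own code. The hex
string and the service/tag pairs below are copied from the FSS log above.
Assumption: the blob is the REG_BINARY value
HKLM\\SYSTEM\\CurrentControlSet\\Control\\GroupOrderList\\PNP_TDI, laid out as
a little-endian DWORD count followed by that many little-endian DWORD tags.
"""
import struct

# Copied from the FSS log in this thread.
FSS_EXTRA_LIST_HEX = ("0x0B000000060000000100000002000000030000000400000005000000"
                      "0A0000000700000008000000090000000B000000")

# Service name -> Tag, as FSS printed them:
# AegisP(11) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
FSS_SERVICE_TAGS = {"AegisP": 11, "Gpc": 4, "IPSec": 6, "irda": 3,
                    "NetBT": 7, "PSched": 8, "Tcpip": 5}


def decode_group_order_list(hex_blob):
    """Return the list of tags encoded in a GroupOrderList value.

    Accepts the "0x..." form FSS prints or a bare hex string. Raises
    ValueError when the byte length disagrees with the leading count, which
    is what a corrupted or truncated value looks like.
    """
    if hex_blob[:2].lower() == "0x":
        hex_blob = hex_blob[2:]
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 4:
        raise ValueError("blob shorter than the 4-byte count")
    count = struct.unpack_from("<I", raw, 0)[0]
    if len(raw) != 4 + 4 * count:
        raise ValueError("count %d but %d bytes of tags" % (count, len(raw) - 4))
    return list(struct.unpack_from("<%dI" % count, raw, 4))


def check_service_tags(service_tags, group_order):
    """Return names of services whose Tag is missing from the group order list.

    An empty result corresponds to FSS's "IpSec Tag value is correct" line,
    extended here to every service FSS listed.
    """
    present = set(group_order)
    return sorted(name for name, tag in service_tags.items() if tag not in present)


def read_group_order_from_registry(group="PNP_TDI"):
    """Windows only: decode the live value from the registry (assumed key)."""
    import winreg  # standard library on Windows; absent elsewhere
    path = r"SYSTEM\CurrentControlSet\Control\GroupOrderList"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        raw, _ = winreg.QueryValueEx(key, group)
    return decode_group_order_list(raw.hex())


if __name__ == "__main__":
    tags = decode_group_order_list(FSS_EXTRA_LIST_HEX)
    print("tags in load order:", tags)
    missing = check_service_tags(FSS_SERVICE_TAGS, tags)
    print("services with a tag outside the list:", missing or "none")
```

For the blob in this log the count is 11 and the tags decode to 6, 1, 2, 3, 4, 5, 10, 7, 8, 9, 11, so every service FSS listed (including IPSec with tag 6) is covered, which matches the verdict FSS printed. Had the decoder raised on a length mismatch, or had a service come back from `check_service_tags`, the next step would be to compare the value against a known-good XP SP3 machine before editing it.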



#14 Larusso (Malware Response Team)

Posted 09 June 2013 - 12:37 PM

I doubt that this is a malware problem, so let's see if I am able to fix this.

Please press the Windows + R Key and type in the following single-line command into the Run box and click OK

cmd

Into the command window type in sc query wzcsvc and hit OK
Verify if the state is RUNNING.


Could you post a screenshot of what it looks like in the Control Panel -> Network Connections window?

How to create a Screen Shot on Windows XP

Please press the Print Key on your Keyboard. This will create a snapshot from your current desktop and save it to clip-board.
Now follow these steps.
  • Press the Windows + R Key ( or use Start --> Run )
  • Into the commandline type pbrush and press OK.
  • Now make one mouse-click into the Paint-window and press Ctrl + V. This will paste the current picture from your clip-board into your Paint window.
  • Here you can crop/resize the picture if you want.
  • Save the picture on a location where it is easy to find.
Please attach this picture in your next reply

If you have any problems, feel free to ask.
regards,
Daniel

#15 JakerADog (Topic Starter)

Posted 09 June 2013 - 02:18 PM

ok here is the screen shot

 

 

Attached Files

Edited by JakerADog, 09 June 2013 - 02:26 PM.