ComboFix causes computer to only boot to Safe Mode


19 replies to this topic

#1 PaperKiller


  • Members
  • 11 posts

Posted 07 October 2013 - 10:53 AM

I have a family member who got infected with a few different viruses/malware. I ran the usual scans for malware, but whenever I run ComboFix, the computer will not start in normal mode. I looked through the log, but am not seeing the cause. I created a restore point, so I can get back up and working, but I am wondering if someone could help me get rid of this virus and get the computer back up and running well. Thanks in advance.

 

Here is the log:

**********************************************************************************************************************************************************************

 

ComboFix 13-10-04.02 - Compaq_Owner 10/07/2013   9:28.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.735.171 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
c:\windows\system32\drivers\intelppm.sys was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\intelppm.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-07 to 2013-10-07  )))))))))))))))))))))))))))))))
.
.
2013-10-07 14:35 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-10-07 14:35 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-10-05 16:47 . 2013-10-07 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-05 16:46 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-05 16:46 . 2013-10-05 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-05 16:31 . 2013-10-05 16:31 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-04 14:48 . 2013-10-04 15:02 -------- d-----w- c:\windows\system32\drivers\NIS\1500020.001
2013-10-04 14:03 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2013-10-04 12:49 . 2013-10-04 14:12 -------- d-----w- c:\program files\CCleaner
2013-10-03 20:49 . 2013-10-03 20:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-04 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-10 21:30 . 2013-09-15 21:00 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 14:59 . 2011-02-11 16:00 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-09-21 16:17 . 2012-11-17 13:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 16:17 . 2012-11-17 13:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-04 11:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-04 11:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-04 11:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2004-08-04 11:00 406016 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2005-03-05 16:19 942080 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-28 11:53 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2013-05-16 15:59 3830224 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-28 11:44 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2004-06-17 23:02 64512 ----a-w- c:\program files\WildTangent\Apps\CDA\CDAEngine0400.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1500020.001\SymDS.sys [10/4/2013 9:50 AM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1500020.001\SymEFA.sys [10/4/2013 9:50 AM 935000]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [9/23/2013 11:37 PM 1097304]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1500020.001\ccSetx86.sys [10/4/2013 9:50 AM 117336]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1500020.001\Ironx86.sys [10/4/2013 9:50 AM 206936]
S2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.0.2.1\NIS.exe [10/4/2013 9:49 AM 275696]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/5/2013 11:46 AM 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/5/2013 11:46 AM 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/5/2013 11:46 AM 171928]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/4/2013 10:12 AM 108120]
S3 IDSxpx86;IDSxpx86;c:\program files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSXpx86.sys [10/4/2013 4:54 PM 380832]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 16:17]
.
2013-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-05 15:58]
.
2013-10-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-05 15:57]
.
2013-10-05 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-05 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.142.225.3 167.142.225.5
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-07 09:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.0.2.1\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.0.2.1\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1500020.001\SYMTDI.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.0.2.1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-10-07  09:51:32 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-07 14:51
ComboFix2.txt  2013-10-05 16:23
ComboFix3.txt  2013-10-04 13:09
ComboFix4.txt  2013-10-01 23:35
ComboFix5.txt  2013-10-07 14:23
.
Pre-Run: 50,717,605,888 bytes free
Post-Run: 51,486,932,992 bytes free
.
- - End Of File - - 5C861A3778E552F5CCFBC79CCDEC0ACF
0AC6D996BCE152AED9600E6D6B797E2E
 


#2 nasdaq


  • Malware Response Team
  • 39,921 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 October 2013 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

What were the problems you were having with this computer that made you think that ComboFix was the tool to use?
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 PaperKiller

  • Topic Starter

  • Members
  • 11 posts

Posted 11 October 2013 - 03:32 PM

# AdwCleaner v3.007 - Report created 11/10/2013 at 14:57:37
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Owner - LOFT
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Program Files\Viewpoint
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [2569 octets] - [11/10/2013 14:57:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2629 octets] ##########

# AdwCleaner v3.007 - Report created 11/10/2013 at 14:59:04
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Owner - LOFT
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [2709 octets] - [11/10/2013 14:57:37]
AdwCleaner[S0].txt - [2686 octets] - [11/10/2013 14:59:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2746 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Compaq_Owner on Fri 10/11/2013 at 15:05:02.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/11/2013 at 15:16:35.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 15:26:41 on 2013-10-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.735.362 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: SrchHook Class: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.0.2.1\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.0.2.1\ips\IPSBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.0.2.1\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353052966531
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353059216328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 167.142.225.3 167.142.225.5
TCP: Interfaces\{5993040D-8884-4207-AE68-285CAC9F245D} : DHCPNameServer = 167.142.225.3 167.142.225.5
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1500020.001\SymDS.sys [2013-10-4 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1500020.001\SymEFA.sys [2013-10-4 935000]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\bashdefs\20130924.001\BHDrvx86.sys [2013-9-23 1097304]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1500020.001\ccSetx86.sys [2013-10-4 117336]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1500020.001\Ironx86.sys [2013-10-4 206936]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.0.2.1\NIS.exe [2013-10-4 275696]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-10-5 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-10-5 1033688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-10-4 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\ipsdefs\20131010.001\IDSXpx86.sys [2013-10-11 380824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-10-5 171928]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 NAVENG;NAVENG;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\virusdefs\20131010.023\NAVENG.SYS [2013-10-11 93272]
S3 NAVEX15;NAVEX15;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\virusdefs\20131010.023\NAVEX15.SYS [2013-10-11 1612376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-11 20:17:09 17226632 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-11 20:04:11 -------- d-----w- c:\windows\ERUNT
2013-10-11 19:54:46 -------- d-----w- C:\AdwCleaner
2013-10-11 19:52:57 -------- d-----w- C:\b53c0d4ad39114e7b590148e3110
2013-10-11 19:41:32 446552 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symnets.sys
2013-10-11 19:41:32 421592 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symtdi.sys
2013-10-11 19:41:32 383576 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symtdiv.sys
2013-10-11 19:41:32 21520 ----a-r- c:\windows\system32\drivers\nis\1501000.012\symelam.sys
2013-10-11 19:41:31 935512 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symefa.sys
2013-10-11 19:41:31 651352 ----a-w- c:\windows\system32\drivers\nis\1501000.012\srtsp.sys
2013-10-11 19:41:31 367704 ----a-r- c:\windows\system32\drivers\nis\1501000.012\symds.sys
2013-10-11 19:41:31 32344 ----a-r- c:\windows\system32\drivers\nis\1501000.012\srtspx.sys
2013-10-11 19:41:31 206936 ----a-r- c:\windows\system32\drivers\nis\1501000.012\ironx86.sys
2013-10-11 19:41:31 127064 ----a-w- c:\windows\system32\drivers\nis\1501000.012\ccsetx86.sys
2013-10-11 19:41:06 14818 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symvtcer.dat
2013-10-11 19:41:06 -------- d-----w- c:\windows\system32\drivers\nis\1501000.012
2013-10-07 14:59:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-10-07 14:59:33 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-05 16:47:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-10-05 16:46:47 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-05 16:46:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-04 14:50:18 421208 ----a-r- c:\windows\system32\drivers\nis\1500020.001\symtdi.sys
2013-10-04 14:50:18 383064 ----a-r- c:\windows\system32\drivers\nis\1500020.001\symtdiv.sys
2013-10-04 14:50:17 935000 ----a-r- c:\windows\system32\drivers\nis\1500020.001\SymEFA.sys
2013-10-04 14:50:17 446552 ----a-r- c:\windows\system32\drivers\nis\1500020.001\symnets.sys
2013-10-04 14:50:17 367704 ----a-r- c:\windows\system32\drivers\nis\1500020.001\SymDS.sys
2013-10-04 14:50:17 32344 ----a-r- c:\windows\system32\drivers\nis\1500020.001\srtspx.sys
2013-10-04 14:50:17 21520 ----a-r- c:\windows\system32\drivers\nis\1500020.001\SymELAM.sys
2013-10-04 14:50:16 650840 ----a-r- c:\windows\system32\drivers\nis\1500020.001\srtsp.sys
2013-10-04 14:50:16 206936 ----a-r- c:\windows\system32\drivers\nis\1500020.001\Ironx86.sys
2013-10-04 14:50:16 117336 ----a-r- c:\windows\system32\drivers\nis\1500020.001\ccSetx86.sys
2013-10-04 14:48:59 14818 ----a-r- c:\windows\system32\drivers\nis\1500020.001\SymVTcer.dat
2013-10-04 14:48:50 -------- d-----w- c:\windows\system32\drivers\nis\1500020.001
2013-10-04 14:03:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 13:38:37 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-10-04 13:38:37 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-10-04 13:38:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-10-04 13:38:26 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-10-04 13:37:58 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-10-04 13:37:58 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2013-10-04 12:49:10 -------- d-----w- c:\program files\CCleaner
2013-10-03 20:59:40 -------- d-----w- C:\ComboFix(2)
2013-10-03 20:49:38 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Symantec
2013-10-01 19:18:26 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2013-10-01 19:18:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-01 19:18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-10-11 20:17:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 20:17:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-04 14:59:35 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 15:27:41.57 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2005 1:34:00 PM
System Uptime: 10/11/2013 3:00:36 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon 
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 46.636 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.758 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1654: 7/10/2013 7:54:55 PM - System Checkpoint
RP1655: 7/11/2013 8:49:05 PM - System Checkpoint
RP1656: 7/13/2013 10:40:44 AM - System Checkpoint
RP1657: 7/14/2013 8:16:48 PM - System Checkpoint
RP1658: 7/16/2013 11:58:12 AM - System Checkpoint
RP1659: 7/17/2013 7:30:52 PM - System Checkpoint
RP1660: 7/19/2013 3:15:18 PM - System Checkpoint
RP1661: 7/20/2013 8:07:01 PM - System Checkpoint
RP1662: 7/21/2013 8:21:16 PM - System Checkpoint
RP1663: 7/23/2013 8:02:45 PM - System Checkpoint
RP1664: 7/25/2013 10:57:24 AM - System Checkpoint
RP1665: 7/26/2013 6:50:56 PM - System Checkpoint
RP1666: 7/27/2013 12:03:16 PM - Software Distribution Service 3.0
RP1667: 7/29/2013 12:33:23 PM - System Checkpoint
RP1668: 7/30/2013 6:05:29 PM - System Checkpoint
RP1669: 7/31/2013 8:08:56 PM - System Checkpoint
RP1670: 8/2/2013 2:01:38 PM - System Checkpoint
RP1671: 8/3/2013 6:56:49 PM - System Checkpoint
RP1672: 8/5/2013 1:02:54 PM - System Checkpoint
RP1673: 8/8/2013 4:20:07 PM - System Checkpoint
RP1674: 8/9/2013 9:19:46 PM - System Checkpoint
RP1675: 8/13/2013 12:52:09 PM - System Checkpoint
RP1676: 8/15/2013 12:33:45 PM - System Checkpoint
RP1677: 8/16/2013 8:17:11 PM - System Checkpoint
RP1678: 8/18/2013 1:02:51 PM - System Checkpoint
RP1679: 8/18/2013 3:57:37 PM - Software Distribution Service 3.0
RP1680: 8/24/2013 8:40:05 PM - System Checkpoint
RP1681: 8/26/2013 6:54:35 PM - System Checkpoint
RP1682: 8/28/2013 11:03:03 AM - System Checkpoint
RP1683: 8/29/2013 7:09:16 PM - System Checkpoint
RP1684: 8/30/2013 3:49:05 PM - Software Distribution Service 3.0
RP1685: 9/1/2013 6:38:37 PM - System Checkpoint
RP1686: 9/4/2013 1:18:12 PM - System Checkpoint
RP1687: 9/5/2013 7:23:29 PM - System Checkpoint
RP1688: 9/6/2013 2:40:37 PM - Software Distribution Service 3.0
RP1689: 9/7/2013 7:07:47 PM - System Checkpoint
RP1690: 9/9/2013 2:10:55 PM - System Checkpoint
RP1691: 9/10/2013 4:17:26 PM - Software Distribution Service 3.0
RP1692: 9/11/2013 4:46:54 PM - System Checkpoint
RP1693: 9/12/2013 7:49:10 PM - System Checkpoint
RP1694: 9/14/2013 7:46:22 PM - System Checkpoint
RP1695: 9/15/2013 3:57:24 PM - Software Distribution Service 3.0
RP1696: 9/16/2013 4:58:13 PM - System Checkpoint
RP1697: 9/18/2013 2:46:25 PM - System Checkpoint
RP1698: 9/19/2013 3:16:31 PM - System Checkpoint
RP1699: 9/21/2013 12:17:56 PM - System Checkpoint
RP1700: 9/23/2013 4:05:32 PM - System Checkpoint
RP1701: 9/25/2013 11:21:59 AM - System Checkpoint
RP1702: 10/1/2013 1:30:23 PM - ComboFix created restore point
RP1703: 10/3/2013 3:47:41 PM - Restore Operation
RP1704: 10/3/2013 4:53:01 PM - Restore Operation
RP1705: 10/4/2013 8:32:59 AM - Restore Operation
RP1706: 10/4/2013 1:51:03 PM - Software Distribution Service 3.0
RP1707: 10/5/2013 10:27:40 AM - saturday after malware cleanup
RP1708: 10/5/2013 11:30:42 AM - Restore Operation
RP1709: 10/6/2013 11:36:18 AM - System Checkpoint
RP1710: 10/7/2013 9:08:56 AM - Good before Combofix - Josh
RP1711: 10/7/2013 9:59:05 AM - Restore Operation
RP1712: 10/11/2013 2:52:36 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1310
1310_Help
1310Tour
1310Trb
Access Drivers
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.6
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Bonjour
CCleaner
Cinderella's Dollhouse
Compaq Organize
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Compaq (remove only)
Deal Info
Diego Dinosaur Rescue
EarthLink Common Authentication
EarthLink FastLane
EarthLink MailBox
EarthLink Software
EarthLink Spyware Blocker
EarthLink Wireless High Speed
Fax
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP PSC & OfficeJet 4.2
HP Software Update
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
Java Auto Updater
Java™ 6 Update 23
KBD
Learn2 Player (Uninstall Only)
LSI PCI Soft Modem
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Overland
Polar Golfer from Compaq (remove only)
ProductContext
PS2
QFolder
QuickTime
Readme
RealPlayer
Redistributed Files
Road Ready Streetwise from Compaq (remove only)
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shrek 2 Ogre Bowler from Compaq (remove only)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Spybot - Search & Destroy
Super Granny from Compaq (remove only)
swMSM
TotalAccess Core Applications
Tradewinds from Compaq (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
10/5/2013 11:47:34 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
10/5/2013 11:47:34 AM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/5/2013 11:24:12 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/5/2013 11:21:35 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM BHDrvx86 ccSet_NIS eeCtrl Fips SRTSPX SymIRON SYMTDI
10/4/2013 9:22:52 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2013 8:33:00 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2013 8:06:02 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM BHDrvx86 eeCtrl Fips SRTSPX SymIRON SYMTDI
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706bf: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2861189).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2883150).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2868038).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2862330).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2861697).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2879017).
10/11/2013 2:17:20 PM, error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the Interface with IP address 192.168.200.154. The machine with the IP address 192.168.200.169 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================


#4 PaperKiller

PaperKiller
  • Topic Starter

  • Members
  • 11 posts

Posted 11 October 2013 - 03:33 PM

1st response is ADW before clean

2nd response is ADW after clean

3rd response is JRT

4th and 5th is DDS

 

Let me know what to do next.

Thanks for your help.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2013 - 07:21 AM

Open notepad and copy/paste the text in the quote box below into it:
 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any remaining issues with this computer.

Edited by nasdaq, 12 October 2013 - 07:22 AM.


#6 PaperKiller

PaperKiller
  • Topic Starter

  • Members
  • 11 posts

Posted 12 October 2013 - 10:36 AM

Combofix still causes computer to reboot into safe mode only. See log below.

 

ComboFix 13-10-12.01 - Compaq_Owner 10/12/2013   9:59.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.735.255 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
c:\windows\system32\drivers\intelppm.sys was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\intelppm.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-12 to 2013-10-12  )))))))))))))))))))))))))))))))
.
.
2013-10-12 15:08 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-10-12 15:08 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-10-11 20:17 . 2013-10-11 20:17 17226632 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-11 20:04 . 2013-10-11 20:04 -------- d-----w- c:\windows\ERUNT
2013-10-11 19:54 . 2013-10-11 19:59 -------- d-----w- C:\AdwCleaner
2013-10-11 19:52 . 2013-10-11 19:59 -------- d-----w- C:\b53c0d4ad39114e7b590148e3110
2013-10-11 19:41 . 2013-10-11 19:41 -------- d-----w- c:\windows\system32\drivers\NIS\1501000.012
2013-10-11 19:25 . 2013-07-03 01:59 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2013-10-11 19:25 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 19:25 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 19:24 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-10-11 19:24 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-11 19:24 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 19:24 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-07 14:59 . 2013-10-07 14:59 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-05 16:47 . 2013-10-07 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-05 16:46 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-05 16:46 . 2013-10-05 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-04 14:48 . 2013-10-04 15:02 -------- d-----w- c:\windows\system32\drivers\NIS\1500020.001
2013-10-04 14:03 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2013-10-04 12:49 . 2013-10-04 14:12 -------- d-----w- c:\program files\CCleaner
2013-10-03 20:49 . 2013-10-03 20:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-04 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 20:17 . 2012-11-17 13:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 20:17 . 2012-11-17 13:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-04 14:59 . 2011-02-11 16:00 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-09-23 18:33 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2004-08-04 11:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-04 11:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2005-01-28 08:56 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2005-08-07 19:44 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2005-01-28 08:56 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-04 11:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-19 06:18 . 2013-07-19 06:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2011-02-11 17:56 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2005-03-05 16:19 942080 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-28 11:53 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2013-05-16 15:59 3830224 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-28 11:44 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2004-06-17 23:02 64512 ----a-w- c:\program files\WildTangent\Apps\CDA\CDAEngine0400.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1500020.001\SymDS.sys [10/4/2013 9:50 AM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1500020.001\SymEFA.sys [10/4/2013 9:50 AM 935000]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [9/23/2013 11:37 PM 1097304]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1500020.001\ccSetx86.sys [10/4/2013 9:50 AM 117336]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1500020.001\Ironx86.sys [10/4/2013 9:50 AM 206936]
S2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.0.2.1\NIS.exe [10/4/2013 9:49 AM 275696]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/5/2013 11:46 AM 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/5/2013 11:46 AM 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/5/2013 11:46 AM 171928]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/4/2013 10:12 AM 108120]
S3 IDSxpx86;IDSxpx86;c:\program files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131011.001\IDSXpx86.sys [10/11/2013 6:22 PM 380824]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:17]
.
2013-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-05 15:58]
.
2013-10-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-05 15:57]
.
2013-10-05 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-05 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-12 10:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.0.2.1\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.0.2.1\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1500020.001\SYMTDI.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.0.2.1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WININET.dll
.
Completion time: 2013-10-12  10:27:33 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-12 15:27
ComboFix2.txt  2013-10-07 14:51
ComboFix3.txt  2013-10-05 16:23
ComboFix4.txt  2013-10-04 13:09
ComboFix5.txt  2013-10-12 14:54
.
Pre-Run: 49,613,750,272 bytes free
Post-Run: 50,414,112,768 bytes free
.
- - End Of File - - 7DF53EE352BA5190F9517B7E178E60BF
0AC6D996BCE152AED9600E6D6B797E2E


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:43 AM

Posted 12 October 2013 - 10:53 AM

Please locate this file: ComboFix-quarantined-files.txt
It should be in the ComboFix Quarantine folder.

Copy the content and post it in your next reply.

#8 PaperKiller

PaperKiller
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:43 AM

Posted 12 October 2013 - 10:58 AM

2013-10-12 15:05:08 . 2013-10-12 15:05:08            8,369 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-12 14:59:37 . 2013-10-12 14:59:37                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2013-10-07 14:50:59 . 2013-10-07 14:50:59              618 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-SDWinLogon.reg.dat
2013-10-01 18:54:31 . 2013-10-01 18:54:31            1,020 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-LSI Soft Modem.reg.dat
2013-10-01 18:54:14 . 2013-10-01 18:54:14               96 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SpySweeper.reg.dat
2013-10-01 18:54:12 . 2013-10-12 15:26:53              118 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497}.reg.dat
2013-10-01 18:51:01 . 2004-04-30 11:01:14               53 ----a-w-  C:\Qoobox\Quarantine\D\Autorun.inf.vir
2013-10-01 18:32:43 . 2013-10-12 14:59:35              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-01 18:29:57 . 2013-10-12 14:54:12              357 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2009-02-08 18:25:49 . 2009-02-08 18:25:49              641 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk.vir
2009-02-08 18:25:49 . 2009-02-08 18:25:49              667 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Start Menu\A360\Help.lnk.vir
2009-02-08 18:25:49 . 2009-02-08 18:25:49              657 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Start Menu\A360\A360.lnk.vir
2006-10-19 03:47:20 . 2006-10-19 03:47:20          937,984 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB89.tmp.vir
2006-10-19 03:47:18 . 2006-10-19 03:47:18          222,208 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB84.tmp.vir
2005-01-28 11:39:42 . 2003-09-12 19:13:20           98,304 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:43 AM

Posted 12 October 2013 - 01:00 PM

Nothing at all indicates that ComboFix removed a file that caused your computer to not boot normally.

===

Looking at your Extra.txt log, I found this error.

10/5/2013 11:21:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccSet_NIS eeCtrl Fips SRTSPX SymIRON SYMTDI

3 of these drivers are associated with Norton.

I suggest you remove the program using their uninstaller.
Download and run the Norton Removal Tool FOR YOUR CURRENT PROGRAM.
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

When finished restart the computer normally.

If all is well re-install Norton.

Keep me posted.

#10 PaperKiller

PaperKiller
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:43 AM

Posted 14 October 2013 - 11:07 AM

I uninstalled Norton and ran ComboFix; it needed to restart, and upon restart it still only goes into Safe Mode.



#11 PaperKiller

PaperKiller
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:43 AM

Posted 14 October 2013 - 11:12 AM

Here is the Combofix log:
 
ComboFix 13-10-12.01 - Compaq_Owner 10/14/2013  10:50:49.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.735.410 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
c:\windows\system32\drivers\intelppm.sys was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\intelppm.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 15:56 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-10-14 15:56 . 2008-04-14 06:01 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-10-14 15:44 . 2013-10-14 15:44 -------- d-----w- c:\windows\LastGood.Tmp
2013-10-12 15:37 . 2013-10-12 15:37 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-12 15:36 . 2013-10-12 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2013-10-12 15:36 . 2013-10-12 15:36 -------- d-----w- c:\program files\Viewpoint
2013-10-11 20:04 . 2013-10-11 20:04 -------- d-----w- c:\windows\ERUNT
2013-10-11 19:54 . 2013-10-11 19:59 -------- d-----w- C:\AdwCleaner
2013-10-11 19:52 . 2013-10-12 15:36 -------- d-----w- C:\b53c0d4ad39114e7b590148e3110
2013-10-11 19:41 . 2013-10-11 19:41 -------- d-----w- c:\windows\system32\drivers\NIS\1501000.012
2013-10-05 16:47 . 2013-10-07 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-05 16:46 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-05 16:46 . 2013-10-05 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-04 14:48 . 2013-10-14 15:30 -------- d-----w- c:\windows\system32\drivers\NIS\1500020.001
2013-10-04 14:03 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-10-04 13:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-10-04 13:38 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-10-04 13:37 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2013-10-04 12:49 . 2013-10-04 14:12 -------- d-----w- c:\program files\CCleaner
2013-10-03 20:49 . 2013-10-03 20:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-01 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-01 19:18 . 2013-10-04 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 18:06 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-09-21 16:17 . 2012-11-17 13:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 16:17 . 2012-11-17 13:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-04 11:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-08-08 06:05 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 11:00 25600 ----a-w- c:\windows\system32\jsproxy(2).dll
2013-08-08 06:05 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-04 11:00 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-08-08 06:05 . 2004-08-04 11:00 105984 ----a-w- c:\windows\system32\url(3).dll
2013-08-08 06:05 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-04 11:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 13:30 . 2004-08-04 11:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2005-03-05 16:19 942080 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-28 11:53 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2013-05-16 15:59 3830224 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-28 11:44 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2004-06-17 23:02 64512 ----a-w- c:\program files\WildTangent\Apps\CDA\CDAEngine0400.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
S2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/5/2013 11:46 AM 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/5/2013 11:46 AM 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/5/2013 11:46 AM 171928]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 16:17]
.
2013-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-05 15:58]
.
2013-10-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-05 15:57]
.
2013-10-05 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-05 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1720)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-10-14  11:12:09 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-14 16:12
ComboFix2.txt  2013-10-12 15:27
ComboFix3.txt  2013-10-07 14:51
ComboFix4.txt  2013-10-05 16:23
ComboFix5.txt  2013-10-14 15:49
.
Pre-Run: 49,688,838,144 bytes free
Post-Run: 50,472,968,192 bytes free
.
- - End Of File - - EFB69282B2D1307A950EC98029ACBA9E
0AC6D996BCE152AED9600E6D6B797E2E
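A first triage pass over log lines like the ones above, as an added example that is not part of this thread or of the ComboFix and DDS tools themselves. It reads the one-item-per-line entries both tools print and flags the three things a responder would check first in this log: a `ProxyServer` value that points back at the local machine (here `localhost:21320`, which means every browser request is handed to whatever process listens on that port), autostart entries that name a bare file with no path (resolved by Windows search order rather than by exact location), and entries marked `(no file)` or `<orphaned>` whose target is gone. The rule set and the severity labels are this script's own choices, and the sample lines are copied from the ComboFix and DDS output posted in this thread.

```python
"""Triage helper for HijackThis-style lines in ComboFix and DDS logs.

Added example for this thread; not part of ComboFix, DDS or the posted
logs. The rules and severity labels are this script's own choices.
"""
import re
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Sample input, copied from the ComboFix and DDS output posted in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uProxyServer = :0
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the log line that triggered the rule
    reason: str    # what the responder should go and check


_RE_PROXY = re.compile(r"ProxyServer\s*=\s*(.*)$")
_RE_RUN = re.compile(r"^[um]Run:\s*\[([^\]]*)\]\s*(.+)$")


def parse_proxy(value):
    """Split a WinINet ProxyServer value into (host, port) pairs.

    Handles both "host:port" and the per-protocol form
    "http=host:port;https=host:port". An empty host (as in ":0", which
    DDS shows once the setting has been cleared) is returned as "" so the
    caller can tell "cleared" apart from "set".
    """
    pairs = []
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        if "=" in token:                      # "http=host:port"
            token = token.split("=", 1)[1]
        if ":" in token:
            host, _, port = token.rpartition(":")
        else:
            host, port = token, ""
        pairs.append((host.strip().lower(), port.strip()))
    return pairs


def triage(log_text):
    """Run the three rules over every line and return findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _RE_PROXY.search(line)
        if m:
            for host, port in parse_proxy(m.group(1)):
                if host in LOOPBACK:
                    findings.append(Finding(
                        "high", line,
                        f"browser traffic is routed to a local process on port {port}; "
                        "identify what is listening there before clearing the setting"))
            continue

        if "<orphaned>" in line or "(no file)" in line:
            findings.append(Finding(
                "low", line,
                "registry entry points at a file that no longer exists; "
                "a leftover entry, confirm and clean up"))
            continue

        m = _RE_RUN.match(line)
        if m:
            target = m.group(2).strip().strip('"')
            if "\\" not in target and not target.startswith("%"):
                findings.append(Finding(
                    "medium", line,
                    f"autostart [{m.group(1)}] names {target} with no path; Windows "
                    "resolves it by search order, so confirm which copy actually runs"))
    return findings


def severity_counts(findings):
    """Summarise findings as {"high": n, "medium": n, "low": n}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}\n         {f.reason}")
```

On the sample above this reports one high finding (the loopback proxy on port 21320), two medium ones (the `AGRSMMSG.exe` and `ALCXMNTR.EXE` autostarts, which are OEM entries on this Compaq but still deserve a look at which file actually runs) and two low ones (the orphaned URLSearchHooks entry before and after restore). The `uProxyServer = :0` line from the post-restore DDS log produces nothing, which is the point of comparing the two logs.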


#12 nasdaq (Malware Response Team)

Posted 14 October 2013 - 12:13 PM

If you restore the computer to this state:

RP1702: 10/1/2013 1:30:23 PM - ComboFix created restore point

Is Normal Mode available?

If yes, just run this tool for now. Post the logs and let me know what problems you are having with this computer.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create this Attach.txt log; I would also like to see the content.
Please post it in another post for my review; do not attach the file.

#13 PaperKiller (Topic Starter)

Posted 14 October 2013 - 12:58 PM

Computer restored fine. See logs below.


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 12:53:00 on 2013-10-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.735.337 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x86.exe
c:\4250726cfc1098f20f9f96\Setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: SrchHook Class: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353052966531
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353059216328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-14 17:49:37 -------- d-----w- C:\4250726cfc1098f20f9f96
2013-10-14 17:38:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-10-14 17:38:51 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-12 15:36:09 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2013-10-12 15:36:07 -------- d-----w- c:\program files\Viewpoint
2013-10-11 20:04:11 -------- d-----w- c:\windows\ERUNT
2013-10-11 19:54:46 -------- d-----w- C:\AdwCleaner
2013-10-11 19:52:57 -------- d-----w- C:\b53c0d4ad39114e7b590148e3110
2013-10-11 19:41:32 446552 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symnets.sys
2013-10-11 19:41:32 421592 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symtdi.sys
2013-10-11 19:41:32 383576 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symtdiv.sys
2013-10-11 19:41:32 21520 ----a-r- c:\windows\system32\drivers\nis\1501000.012\symelam.sys
2013-10-11 19:41:31 935512 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symefa.sys
2013-10-11 19:41:31 651352 ----a-w- c:\windows\system32\drivers\nis\1501000.012\srtsp.sys
2013-10-11 19:41:31 367704 ----a-r- c:\windows\system32\drivers\nis\1501000.012\symds.sys
2013-10-11 19:41:31 32344 ----a-r- c:\windows\system32\drivers\nis\1501000.012\srtspx.sys
2013-10-11 19:41:31 206936 ----a-r- c:\windows\system32\drivers\nis\1501000.012\ironx86.sys
2013-10-11 19:41:31 127064 ----a-w- c:\windows\system32\drivers\nis\1501000.012\ccsetx86.sys
2013-10-11 19:41:06 14818 ----a-w- c:\windows\system32\drivers\nis\1501000.012\symvtcer.dat
2013-10-11 19:41:06 -------- d-----w- c:\windows\system32\drivers\nis\1501000.012
2013-10-05 16:47:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-10-05 16:46:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-04 14:48:50 -------- d-----w- c:\windows\system32\drivers\nis\1500020.001
2013-10-04 14:03:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 13:38:37 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-10-04 13:38:37 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2013-10-04 13:38:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-10-04 13:38:26 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-10-04 13:37:58 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-10-04 13:37:58 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2013-10-04 12:49:10 -------- d-----w- c:\program files\CCleaner
2013-10-03 20:59:40 -------- d-----w- C:\ComboFix(2)
2013-10-03 20:49:38 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Symantec
2013-10-01 19:18:26 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2013-10-01 19:18:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-01 19:18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-09-21 16:17:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 16:17:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 25600 ----a-w- c:\windows\system32\jsproxy(2).dll
2013-08-08 06:05:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:59 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-08-08 06:05:59 105984 ----a-w- c:\windows\system32\url(3).dll
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 12:55:28.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2005 1:34:00 PM
System Uptime: 10/14/2013 12:42:57 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon 
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 46.17 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.758 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1658: 7/16/2013 11:58:12 AM - System Checkpoint
RP1659: 7/17/2013 7:30:52 PM - System Checkpoint
RP1660: 7/19/2013 3:15:18 PM - System Checkpoint
RP1661: 7/20/2013 8:07:01 PM - System Checkpoint
RP1662: 7/21/2013 8:21:16 PM - System Checkpoint
RP1663: 7/23/2013 8:02:45 PM - System Checkpoint
RP1664: 7/25/2013 10:57:24 AM - System Checkpoint
RP1665: 7/26/2013 6:50:56 PM - System Checkpoint
RP1666: 7/27/2013 12:03:16 PM - Software Distribution Service 3.0
RP1667: 7/29/2013 12:33:23 PM - System Checkpoint
RP1668: 7/30/2013 6:05:29 PM - System Checkpoint
RP1669: 7/31/2013 8:08:56 PM - System Checkpoint
RP1670: 8/2/2013 2:01:38 PM - System Checkpoint
RP1671: 8/3/2013 6:56:49 PM - System Checkpoint
RP1672: 8/5/2013 1:02:54 PM - System Checkpoint
RP1673: 8/8/2013 4:20:07 PM - System Checkpoint
RP1674: 8/9/2013 9:19:46 PM - System Checkpoint
RP1675: 8/13/2013 12:52:09 PM - System Checkpoint
RP1676: 8/15/2013 12:33:45 PM - System Checkpoint
RP1677: 8/16/2013 8:17:11 PM - System Checkpoint
RP1678: 8/18/2013 1:02:51 PM - System Checkpoint
RP1679: 8/18/2013 3:57:37 PM - Software Distribution Service 3.0
RP1680: 8/24/2013 8:40:05 PM - System Checkpoint
RP1681: 8/26/2013 6:54:35 PM - System Checkpoint
RP1682: 8/28/2013 11:03:03 AM - System Checkpoint
RP1683: 8/29/2013 7:09:16 PM - System Checkpoint
RP1684: 8/30/2013 3:49:05 PM - Software Distribution Service 3.0
RP1685: 9/1/2013 6:38:37 PM - System Checkpoint
RP1686: 9/4/2013 1:18:12 PM - System Checkpoint
RP1687: 9/5/2013 7:23:29 PM - System Checkpoint
RP1688: 9/6/2013 2:40:37 PM - Software Distribution Service 3.0
RP1689: 9/7/2013 7:07:47 PM - System Checkpoint
RP1690: 9/9/2013 2:10:55 PM - System Checkpoint
RP1691: 9/10/2013 4:17:26 PM - Software Distribution Service 3.0
RP1692: 9/11/2013 4:46:54 PM - System Checkpoint
RP1693: 9/12/2013 7:49:10 PM - System Checkpoint
RP1694: 9/14/2013 7:46:22 PM - System Checkpoint
RP1695: 9/15/2013 3:57:24 PM - Software Distribution Service 3.0
RP1696: 9/16/2013 4:58:13 PM - System Checkpoint
RP1697: 9/18/2013 2:46:25 PM - System Checkpoint
RP1698: 9/19/2013 3:16:31 PM - System Checkpoint
RP1699: 9/21/2013 12:17:56 PM - System Checkpoint
RP1700: 9/23/2013 4:05:32 PM - System Checkpoint
RP1701: 9/25/2013 11:21:59 AM - System Checkpoint
RP1702: 10/1/2013 1:30:23 PM - ComboFix created restore point
RP1703: 10/3/2013 3:47:41 PM - Restore Operation
RP1704: 10/3/2013 4:53:01 PM - Restore Operation
RP1705: 10/4/2013 8:32:59 AM - Restore Operation
RP1706: 10/4/2013 1:51:03 PM - Software Distribution Service 3.0
RP1707: 10/5/2013 10:27:40 AM - saturday after malware cleanup
RP1708: 10/5/2013 11:30:42 AM - Restore Operation
RP1709: 10/6/2013 11:36:18 AM - System Checkpoint
RP1710: 10/7/2013 9:08:56 AM - Good before Combofix - Josh
RP1711: 10/7/2013 9:59:05 AM - Restore Operation
RP1712: 10/11/2013 2:52:36 PM - Software Distribution Service 3.0
RP1713: 10/11/2013 3:30:36 PM - Software Distribution Service 3.0
RP1714: 10/11/2013 4:51:09 PM - After running ADW, JRT, and DDS -Josh 2013-10-11
RP1715: 10/11/2013 5:01:48 PM - Software Distribution Service 3.0
RP1716: 10/12/2013 10:33:02 AM - Restore Operation
RP1717: 10/14/2013 8:50:16 AM - System Checkpoint
RP1718: 10/14/2013 10:46:22 AM - After removing Norton. -Josh 2013-10-14
RP1719: 10/14/2013 12:38:24 PM - Restore Operation
RP1720: 10/14/2013 12:49:25 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1310
1310_Help
1310Tour
1310Trb
Access Drivers
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.6
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Bonjour
CCleaner
Cinderella's Dollhouse
Compaq Organize
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Compaq (remove only)
Deal Info
Diego Dinosaur Rescue
EarthLink Common Authentication
EarthLink FastLane
EarthLink MailBox
EarthLink Software
EarthLink Spyware Blocker
EarthLink Wireless High Speed
Fax
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP PSC & OfficeJet 4.2
HP Software Update
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
Java Auto Updater
Java™ 6 Update 23
KBD
Learn2 Player (Uninstall Only)
LSI PCI Soft Modem
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Overland
Polar Golfer from Compaq (remove only)
ProductContext
PS2
QFolder
QuickTime
Readme
RealPlayer
Redistributed Files
Road Ready Streetwise from Compaq (remove only)
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shrek 2 Ogre Bowler from Compaq (remove only)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Super Granny from Compaq (remove only)
swMSM
TotalAccess Core Applications
Tradewinds from Compaq (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
10/7/2013 9:59:07 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2013 9:49:44 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM BHDrvx86 ccSet_NIS eeCtrl Fips SRTSPX SymIRON SYMTDI
10/14/2013 11:08:33 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Fips
10/12/2013 10:32:38 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/11/2013 3:01:25 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
10/11/2013 3:01:25 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706bf: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2861189).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2883150).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2868038).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2862330).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2861697).
10/11/2013 2:59:15 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2879017).
10/11/2013 2:17:20 PM, error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the Interface with IP address 192.168.200.154. The machine with the IP address 192.168.200.169 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================


#14 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 14 October 2013 - 01:35 PM

This process is running. It's a patch by Microsoft.
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x86.exe
Not sure if it should be running.

Restart that computer and see if it's still running.
===


--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Please post the log for my review.

Let me know what problem you are having with this computer.

#15 PaperKiller (Topic Starter)

Posted 14 October 2013 - 04:58 PM

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Compaq_Owner [Admin rights]
Mode : Scan -- Date : 10/14/2013 16:57:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG SP0802N +++++
--- User ---
[MBR] 917f06c4041b7eb797a498805924b149
[BSP] 74cdfd2884eb3210c20e92864c293918 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 5382 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11022480 | Size: 70963 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10142013_165722.txt >>