[RESOLVED] win32:malware-gen

  1. #1
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615


    I have the malware-gen in quarantine in avast. Also win32:toggleA.

    I ran the three scans. Here's the MBAM log:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.17.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DELL-PC1 [administrator]

    1/17/2013 9:52:39 AM
    mbam-log-2013-01-17 (09-52-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279573
    Time elapsed: 21 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    here's the aswMBR.txt

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-17 10:47:28
    -----------------------------
    10:47:28.531 OS Version: Windows 5.1.2600 Service Pack 3
    10:47:28.531 Number of processors: 1 586 0x209
    10:47:28.531 ComputerName: DELL-PC1 UserName: Owner
    10:47:30.093 Initialize success
    10:47:37.421 AVAST engine defs: 13011700
    10:47:41.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    10:47:41.062 Disk 0 Vendor: Maxtor_2F040L0 VAM51JJ0 Size: 39205MB BusType: 3
    10:47:41.093 Disk 0 MBR read successfully
    10:47:41.093 Disk 0 MBR scan
    10:47:41.109 Disk 0 Windows XP default MBR code
    10:47:41.109 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
    10:47:41.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 39166 MB offset 64260
    10:47:41.171 Disk 0 scanning sectors +80276805
    10:47:41.296 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:48:07.140 Service scanning
    10:48:43.531 Modules scanning
    10:49:18.453 Disk 0 trace - called modules:
    10:49:18.484 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    10:49:18.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a0e6ab8]
    10:49:18.484 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a0e7b00]
    10:49:18.859 AVAST engine scan C:\WINDOWS
    10:49:52.203 AVAST engine scan C:\WINDOWS\system32
    10:53:24.375 AVAST engine scan C:\WINDOWS\system32\drivers
    10:53:46.609 AVAST engine scan C:\Documents and Settings\Owner
    11:04:17.609 AVAST engine scan C:\Documents and Settings\All Users
    11:05:47.718 Scan finished successfully
    11:06:29.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    11:06:29.843 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


    Will send the next 2 in the next post.
    TIA
    the more you make...
    the more they take.

  2. #2
    Here's the attach.txt:
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/4/2008 10:28:25 PM
    System Uptime: 1/17/2013 7:11:35 AM (8 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 38 GiB total, 13.884 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1410: 1/17/2013 2:59:17 AM - Software Distribution Service 3.0
    RP1411: 1/17/2013 4:21:36 AM - Installed Java 7 Update 11
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.3
    Adobe Shockwave Player 11.6
    aiofw
    aioprnt
    aioscnnr
    avast! Free Antivirus
    BCM V.92 56K Modem
    Blue Coat® K9 Web Protection 4.0.288
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs
    C4USelfUpdater
    center
    Clone Wars
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell ResourceCD
    Diskeeper 2009 Home
    EVEREST Home Edition v2.20
    Geek Squad POWER MANAGEMENT SOFTWARE
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Icon Restore 1.0
    Intel(R) Extreme Graphics Driver
    Java 7 Update 11
    Java Auto Updater
    KODAK AiO Home Center
    ksDIP
    Lagarith lossless video codec (Remove Only)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    Picasa 3
    PreReq
    Secunia PSI
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Self-Teaching Program: MS Word 97 and 2000
    Sony USB Driver
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    SUPERAntiSpyware Free Edition
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Zoo Tycoon 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/17/2013 9:07:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kodak AiO Device Service service to connect.
    1/17/2013 9:07:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the GoToAssist Remote Support Customer service to connect.
    1/17/2013 9:07:35 AM, error: Service Control Manager [7003] - The Kodak AiO Network Discovery Service service depends on the following nonexistent service: Bonjour Service
    1/17/2013 9:07:35 AM, error: Service Control Manager [7000] - The Kodak AiO Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2013 9:07:35 AM, error: Service Control Manager [7000] - The GoToAssist Remote Support Customer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2013 10:11:56 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================

  3. #3
    Here's the dds.txt:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
    Run by Owner at 15:52:59 on 2013-01-17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.948 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\GeekSquad\upssrv.exe
    C:\GeekSquad\upsio.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Kodak\AiO\PrinterDriver\i386\EKIJ5000MUI.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.thefreedictionary.com/
    uWindow Title = IE
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Conime] c:\windows\system32\conime.exe
    mRun: [EKIJ5000StatusMonitor] c:\program files\kodak\aio\printerdriver\i386\EKIJ5000MUI.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.10.1
    TCP: Interfaces\{32E1B3A4-385C-4FE5-B0FC-1260C5A6AF33} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3AF73393-2CD3-4FA5-9A48-4770C4D88581} : DHCPNameServer = 192.168.10.1
    TCP: Interfaces\{55A757A1-39AA-46C5-9F58-363DF1FB0790} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6CAFF290-48C2-466C-80E2-428C5E7279E6} : DHCPNameServer = 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\m4da88p4.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m4da88p4.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m4da88p4.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: !HIDDEN! 2009-10-20 14:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-9 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-5 361032]
    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-5 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-5 44808]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
    R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-9-18 303360]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2010-11-9 36224]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-17 40776]
    R4 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
    R4 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
    S2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-9-18 1034240]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-9-18 50704]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
    .
    =============== Created Last 30 ================
    .
    2013-01-17 20:19:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-17 10:25:16 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
    2013-01-17 10:22:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-17 10:22:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-01-17 10:21:48 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-17 10:21:48 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-15 17:11:49 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 17:11:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2007-11-13 19:47:02 4364800 ----a-w- c:\program files\openofficeorg23.msi
    2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
    .
    ============= FINISH: 15:54:04.95 ===============
    the more you make...
    the more they take.

  4. #4
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    TIA broni. I'm hoping Avast and Malwarebytes took care of it.

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================== Let's run a couple more checks...
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ======================= Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

  6. #6
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    Here are the 2 RogueKiller reports

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 01/18/2013 02:08:17

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] aswMBR.exe -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] videopadShakeIcon.job : C:\Documents and Settings\the 6 kids\Application Data\NCH Software\Program Files\VideoPad\videopad.exe -shakeicon -> FOUND
    [TASK][SUSP PATH] videopadDowngrade.job : C:\Documents and Settings\the 6 kids\Application Data\NCH Software\Program Files\VideoPad\videopad.exe -downgrade -> FOUND
    [TASK][SUSP PATH] AiO Home Center Registration Remind Task.job : C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Registration.exe -Gui -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys @ 0xB0A44620)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Maxtor 2F040L0 +++++
    --- User ---
    [MBR] 84a6e417466e6d3869fcef9f55122705
    [BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 39166 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01182013_02d0208.txt >>
    RKreport[1]_S_01182013_02d0208.txt

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 01/18/2013 02:09:08

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] aswMBR.exe -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] videopadShakeIcon.job : C:\Documents and Settings\the 6 kids\Application Data\NCH Software\Program Files\VideoPad\videopad.exe -shakeicon -> DELETED
    [TASK][SUSP PATH] videopadDowngrade.job : C:\Documents and Settings\the 6 kids\Application Data\NCH Software\Program Files\VideoPad\videopad.exe -downgrade -> DELETED
    [TASK][SUSP PATH] AiO Home Center Registration Remind Task.job : C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Registration.exe -Gui -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys @ 0xB0A44620)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Maxtor 2F040L0 +++++
    --- User ---
    [MBR] 84a6e417466e6d3869fcef9f55122705
    [BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 39166 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01182013_02d0209.txt >>
    RKreport[1]_S_01182013_02d0208.txt ; RKreport[2]_D_01182013_02d0209.txt

  7. #7
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    Good news?
    The MBAR reports clean. No malware found.

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I always need to see logs even if they're clean.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
    - XP: http://support.microsoft.com/kb/948247

    =======================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.
    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

  9. #9
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    OK, will look for it.
    It didn't generate a log that was obvious.

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go ahead with Combofix.

  11. #11
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    Here are the 2 MBAR logs....

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.18.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DELL-PC1 [administrator]

    1/18/2013 4:08:19 AM
    mbar-log-2013-01-18 (04-08-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27121
    Time elapsed: 1 hour(s), 43 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.18.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DELL-PC1 [administrator]

    1/18/2013 5:36:49 AM
    mbar-log-2013-01-18 (05-36-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27121
    Time elapsed: 1 hour(s), 24 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  12. #12
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    copy that

  13. #13
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    Here's the ComboFix report:
    ComboFix 13-01-17.04 - Owner 01/18/2013 18:07:13.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.965 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Owner\g2ax_customer_downloadhelper_win32_x86.exe
    c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
    c:\documents and settings\Owner\WINDOWS
    c:\documents and settings\the 6 kids\System
    c:\documents and settings\the 6 kids\System\win_qs8.jqx
    c:\windows\COUPon~1.ocx
    c:\windows\expert
    c:\windows\expert\X2604.INI
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\SET81.tmp
    c:\windows\system32\SET86.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-17 10:25 . 2013-01-17 10:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
    2013-01-17 10:22 . 2013-01-17 10:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-17 10:22 . 2013-01-17 10:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-17 00:20 . 2013-01-17 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
    2013-01-16 18:51 . 2013-01-16 18:51 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 10:21 . 2012-11-07 19:02 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-17 10:21 . 2010-08-18 15:56 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-15 17:11 . 2012-11-07 21:42 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 17:11 . 2011-09-11 16:29 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 22:49 . 2010-08-24 02:39 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25 . 2003-07-16 20:51 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01 . 2007-05-15 21:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2003-07-16 20:27 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2006-06-23 17:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-30 23:51 . 2011-06-09 13:22 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51 . 2010-03-05 06:30 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 23:51 . 2010-03-05 06:30 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 23:51 . 2010-03-05 06:30 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 23:51 . 2010-03-05 06:30 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-10-30 23:51 . 2010-03-05 06:30 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-10-30 23:51 . 2010-03-05 06:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 23:51 . 2010-03-05 06:30 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-10-30 23:51 . 2010-08-24 01:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 23:50 . 2010-03-05 06:30 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2007-11-13 19:47 . 2007-11-13 19:47 4364800 ----a-w- c:\program files\openofficeorg23.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    2013-01-05 03:45 . 2013-01-17 09:31 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-08 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\program files\Kodak\AiO\PrinterDriver\i386\EKIJ5000MUI.exe" [2009-04-07 1511424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\the 6 kids\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Genie.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-9-18 8453376]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
    2009-07-31 21:00 1626112 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9322:TCP"= 9322:TCP:EKDiscovery
    "9323:TCP"= 9323:TCP:EKDiscovery
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/9/2011 7:22 AM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 12:30 AM 361032]
    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 5:39 PM 72992]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 8:24 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/5/2010 12:30 AM 21256]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 5:39 PM 1078560]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/9/2010 1:31 PM 36224]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
    S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
    S2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [9/18/2012 1:49 PM 303360]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [9/18/2012 1:49 PM 1034240]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 2:47 PM 14336]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 12872]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 17:11]
    .
    2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 23:50]
    .
    2013-01-19 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\smartd~1\Messages\SDNotify.exe [2011-11-08 18:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.thefreedictionary.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.10.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m4da88p4.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
    FF - ExtSQL: !HIDDEN! 2009-10-20 14:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-EzPrint - c:\program files\Lexmark 4300 Series\ezprint.exe
    MSConfigStartUp-lxcemon - c:\program files\Lexmark 4300 Series\lxcemon.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-18 18:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(512)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(756)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\geeksquad\upssrv.exe
    c:\geeksquad\upsio.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\System32\locator.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\BCMSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-18 18:39:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-19 00:39
    .
    Pre-Run: 14,794,067,968 bytes free
    Post-Run: 18,057,416,704 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 7A7255350479DF6D2D6ADF9BD69361CF
    the more you make...
    the more they take.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Looks good.

    How is the computer doing?

    =====================

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ======================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    ===================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe


    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  15. #15
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    the computer is working much better...quicker for such an 'oldie'
    starting the next...
