also @ TechSpot: Google challenges U.S. gag order, citing First Amendment

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Slender Man virus

Discussion in 'Virus and Malware Removal' started by daveed12vas, Dec 16, 2012.

Post New Reply

Page 1 of 3

daveed12vas Newcomer, in training Posts: 31

Dear TechSpot,
I just downloaded The Slender Man free game download from AtomicGamer.com and along with the Slender Man game I was made to download a set of other programs like: Yahoo Toolbar, PC Optimizer, SevenZip, and some others... I have The Slender Man game on my desktop now which is nice, but now I can no longer open programs with a double mouse click and my quick launch icons for Internet Explorer & Mozilla have disappeared from the taskbar. I think I might have a virus. Can you please help and take me through the removal process? Any help would be welcomed.

daveed12vas, Dec 16, 2012

#1
daveed12vas Newcomer, in training Posts: 31

www.malwarebytes.org

Database version: v2012.12.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GX620 [administrator]

12/16/2012 11:38:47 AM
mbam-log-2012-12-16 (11-38-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188691
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

daveed12vas, Dec 16, 2012

#2
daveed12vas Newcomer, in training Posts: 31

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 11:58:53 on 2012-12-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2887 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Cartwheel: {B50DF051-E1D4-439C-B94E-F4DE82B56542} - c:\documents and settings\administrator\application data\cartwheel\Cartwheel.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
dRun: [Norton Download Manager{N360621005-SHPD-FSD25037}] c:\program files\norton management\engine\3.0.0.133\ccSvcHst.exe /m
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340484126046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350846574421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{2225B3BB-99B4-43AD-B80C-7B7402075F2B} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-2 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys [2012-10-23 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-2 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-2 149624]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2012-12-16 107520]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.2.0.19\ccsvchst.exe [2012-10-23 143928]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-6-19 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121214.001\IDSXpx86.sys [2012-12-15 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-19 22856]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVENG.SYS [2012-12-15 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVEX15.SYS [2012-12-15 1601184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-19 676936]
.
=============== Created Last 30 ================
.
2012-12-16 15:58:14 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
2012-12-16 15:28:45 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
2012-12-16 15:28:32 -------- d-----w- c:\documents and settings\administrator\application data\Cartwheel
2012-12-16 15:28:23 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
2012-12-09 21:51:23 -------- d-----w- C:\HOME2
.
==================== Find3M ====================
.
2012-12-12 17:32:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 17:32:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 11:59:22.60 ===============

daveed12vas, Dec 16, 2012

#3
Broni Malware Annihilator Posts: 40,091 +187
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

I still need Attach.txt part of DDS.
Broni, Dec 16, 2012

#4
daveed12vas Newcomer, in training Posts: 31

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2010 5:15:43 PM
System Uptime: 12/16/2012 9:58:34 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 53.931 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP117: 9/19/2012 12:06:56 PM - System Checkpoint
RP118: 9/20/2012 12:41:13 PM - System Checkpoint
RP119: 9/21/2012 2:19:42 PM - System Checkpoint
RP120: 9/22/2012 4:14:18 PM - System Checkpoint
RP121: 9/26/2012 2:02:04 PM - System Checkpoint
RP122: 9/28/2012 3:29:48 PM - System Checkpoint
RP123: 9/29/2012 4:25:53 PM - System Checkpoint
RP124: 9/30/2012 10:04:44 PM - System Checkpoint
RP125: 10/2/2012 10:59:43 AM - System Checkpoint
RP126: 10/4/2012 10:18:39 AM - System Checkpoint
RP127: 10/5/2012 1:32:09 PM - System Checkpoint
RP128: 10/6/2012 5:43:53 PM - System Checkpoint
RP129: 10/6/2012 10:48:41 PM - Installed Java 7 Update 7
RP130: 10/8/2012 10:41:54 AM - System Checkpoint
RP131: 10/9/2012 1:33:42 PM - System Checkpoint
RP132: 10/12/2012 11:45:48 PM - System Checkpoint
RP133: 10/14/2012 12:09:14 AM - System Checkpoint
RP134: 10/16/2012 9:58:56 AM - System Checkpoint
RP135: 10/18/2012 9:17:26 AM - System Checkpoint
RP136: 10/19/2012 1:07:24 PM - System Checkpoint
RP137: 10/21/2012 2:12:41 PM - Software Distribution Service 3.0
RP138: 10/22/2012 10:58:48 AM - Installed Java 7 Update 9
RP139: 10/24/2012 10:12:42 AM - System Checkpoint
RP140: 10/26/2012 9:59:05 AM - System Checkpoint
RP141: 10/27/2012 12:38:19 PM - System Checkpoint
RP142: 10/30/2012 9:16:32 AM - System Checkpoint
RP143: 10/31/2012 11:57:56 AM - System Checkpoint
RP144: 11/1/2012 10:37:42 PM - System Checkpoint
RP145: 11/3/2012 3:30:42 PM - System Checkpoint
RP146: 11/4/2012 4:20:04 PM - System Checkpoint
RP147: 11/9/2012 9:56:23 AM - System Checkpoint
RP148: 11/10/2012 2:08:04 PM - System Checkpoint
RP149: 11/14/2012 5:23:53 PM - System Checkpoint
RP150: 11/15/2012 5:50:42 PM - System Checkpoint
RP151: 11/16/2012 6:14:45 PM - System Checkpoint
RP152: 11/18/2012 9:48:04 AM - System Checkpoint
RP153: 11/19/2012 10:29:12 AM - System Checkpoint
RP154: 11/20/2012 1:07:31 PM - System Checkpoint
RP155: 11/21/2012 4:14:37 PM - System Checkpoint
RP156: 11/22/2012 11:18:17 PM - System Checkpoint
RP157: 11/23/2012 11:38:15 PM - System Checkpoint
RP158: 11/24/2012 11:41:13 PM - System Checkpoint
RP159: 11/27/2012 1:21:50 PM - System Checkpoint
RP160: 11/28/2012 8:35:24 PM - System Checkpoint
RP161: 12/1/2012 9:06:35 PM - System Checkpoint
RP162: 12/3/2012 12:22:02 PM - System Checkpoint
RP163: 12/4/2012 4:38:42 PM - System Checkpoint
RP164: 12/8/2012 10:01:27 PM - System Checkpoint
RP165: 12/9/2012 2:31:25 PM - Software Distribution Service 3.0
RP166: 12/9/2012 5:03:35 PM - Installed LightScribe System Software.
RP167: 12/11/2012 9:52:33 AM - System Checkpoint
RP168: 12/13/2012 12:23:51 AM - System Checkpoint
RP169: 12/14/2012 11:16:06 AM - Norton_Power_Eraser_20121214111602046
RP170: 12/15/2012 9:55:20 PM - System Checkpoint
RP171: 12/16/2012 9:59:23 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Catalyst Install Manager
ATI AVIVO Codecs
Broadcom Gigabit Integrated Controller
Cartwheel Shopping
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
DefaultTab
Dell Driver Download Manager
DVD Shrink 3.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 26
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 6 Ultra Edition
Norton 360
Norton Management
OpenOffice.org 3.1
PunkBuster Services
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 11:26:15 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
12/9/2012 11:26:03 PM, error: Dhcp [1002] - The IP address lease 71.85.230.56 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

daveed12vas, Dec 16, 2012

#5

daveed12vas Newcomer, in training Posts: 31

Oops! Okay Broni, here is the DDS Att.file

Things have only gotten worse with each keystroke on my PC.
When I launch Internet Explorer my entire PC freezes and I must restart. I am attempting to run my Norton360 right now. I will check back here after the Norton scan is complete. Thanks for helping.

daveed12vas, Dec 16, 2012

#6

Broni Malware Annihilator Posts: 40,091 +187

So far I don't see anything malicious there.

Did you try system restore to before installing that game?

Broni, Dec 16, 2012

#7
daveed12vas Newcomer, in training Posts: 31

I went to Add/Remove Programs and uninstalled YahooToolbar and PC Optimizer, and then did a System Restore to restore my PC to yesterdays restore point.

daveed12vas, Dec 16, 2012

#8
Broni Malware Annihilator Posts: 40,091 +187

...and?

Broni, Dec 16, 2012

#9
daveed12vas Newcomer, in training Posts: 31

Using System Restore did nothing to fix the problem. Over half of my desktop programs no longer respond to a double mouse click, when I open Internet Explorer my PC just freezes (mouse arrow becomes an hourglass), and Norton360 does not work. I've tried to run Norton twice and it stalls and freezes after scanning 2790 files. What is going on? Should I delete and reinstall IE Explorer? Should I delete or uninstall The Slender Man? And where did my taskbar icons go?

daveed12vas, Dec 16, 2012

#10
Broni Malware Annihilator Posts: 40,091 +187
Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

Wait until the Status box shows Scan Finished

Click on Delete.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Broni, Dec 16, 2012

#11
daveed12vas Newcomer, in training Posts: 31

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/16/2012 17:41:43

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++
--- User ---
[MBR] 68543f0563158d43b37a920b968b72fe
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7]_D_12162012_02d1741.txt >>
RKreport[1]_S_12162012_02d1739.txt ; RKreport[2]_D_12162012_02d1740.txt ; RKreport[3]_D_12162012_02d1740.txt ; RKreport[4]_D_12162012_02d1741.txt ; RKreport[5]_D_12162012_02d1741.txt ;
RKreport[6]_D_12162012_02d1741.txt ; RKreport[7]_D_12162012_02d1741.txt

daveed12vas, Dec 16, 2012

#12
daveed12vas Newcomer, in training Posts: 31

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/16/2012 17:39:17

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++
--- User ---
[MBR] 68543f0563158d43b37a920b968b72fe
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12162012_02d1739.txt >>
RKreport[1]_S_12162012_02d1739.txt

daveed12vas, Dec 16, 2012

#13
daveed12vas Newcomer, in training Posts: 31

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-16 17:45:13
-----------------------------
17:45:13.687 OS Version: Windows 5.1.2600 Service Pack 3
17:45:13.687 Number of processors: 2 586 0x403
17:45:13.687 ComputerName: GX620 UserName:
17:45:16.406 Initialize success
18:00:26.265 AVAST engine defs: 12121601
18:03:00.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:03:00.484 Disk 0 Vendor: ST380013AS 8.12 Size: 76293MB BusType: 3
18:03:00.500 Disk 0 MBR read successfully
18:03:00.500 Disk 0 MBR scan
18:03:00.609 Disk 0 Windows XP default MBR code
18:03:00.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76293 MB offset 63
18:03:00.609 Disk 0 scanning sectors +156248190
18:03:00.671 Disk 0 scanning C:\WINDOWS\system32\drivers
18:03:10.609 Service scanning
18:03:24.734 Modules scanning
18:03:30.125 Disk 0 trace - called modules:
18:03:30.140 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:03:30.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aef5ab8]
18:03:30.140 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8af4db58]
18:03:30.640 AVAST engine scan C:\WINDOWS
18:03:35.328 AVAST engine scan C:\WINDOWS\system32
18:05:30.484 AVAST engine scan C:\WINDOWS\system32\drivers
18:05:43.906 AVAST engine scan C:\Documents and Settings\Administrator
18:07:36.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:07:36.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

daveed12vas, Dec 16, 2012

#14
Broni Malware Annihilator Posts: 40,091 +187
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
Broni, Dec 16, 2012

#15
daveed12vas Newcomer, in training Posts: 31

ComboFix 12-12-14.01 - Administrator 12/16/2012 19:34:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2916 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.

daveed12vas, Dec 16, 2012

#16
daveed12vas Newcomer, in training Posts: 31

I suddenly have seven (7) separate RogueKiller reports on my desktop. Do you need to see all of them?

daveed12vas, Dec 16, 2012

#17
Broni Malware Annihilator Posts: 40,091 +187

No, but Combofix log is incomplete.
Repost.
"C:\ComboFix.txt"

Broni, Dec 16, 2012

#18
daveed12vas Newcomer, in training Posts: 31

ComboFix 12-12-17.01 - Administrator 12/16/2012 22:53:37.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3012 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2012-10-17 22:18 231432 ----a-w- c:\documents and settings\Administrator\Application Data\Cartwheel\Cartwheel.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 01:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-25 03:00 32768 ----a-w- c:\windows\system32\rmctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-07-04 04:48 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/2/2012 9:52 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/2/2012 9:52 AM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 12:17 PM 995488]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys [10/23/2012 10:21 AM 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/2/2012 9:52 AM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/2/2012 9:52 AM 149624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 3:02 PM 399432]
R2 MCLIENT;Norton Management;c:\program files\Norton Management\Engine\3.2.0.19\ccsvchst.exe [10/23/2012 10:21 AM 143928]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/2/2012 9:52 AM 138272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [6/19/2011 11:41 AM 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:48 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121214.001\IDSXpx86.sys [12/15/2012 9:51 AM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2011 3:20 PM 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2011 3:20 PM 676936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 21:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:32]
.
2012-12-17 c:\windows\Tasks\User_Feed_Synchronization-{7F981BCB-ABC9-4C36-9EBA-E7880CC42B20}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,fa,d3,ba,3d,bf,3c,4e,a6,be,62,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-16 23:01:14
ComboFix-quarantined-files.txt 2012-12-17 05:01
ComboFix2.txt 2012-12-17 01:43
ComboFix3.txt 2012-02-06 23:56
ComboFix4.txt 2012-02-02 02:03
.
Pre-Run: 57,647,828,992 bytes free
Post-Run: 57,440,571,392 bytes free
.
- - End Of File - - D87C684EE45A8BB1736157E476EF7B88

daveed12vas, Dec 17, 2012

#19
daveed12vas Newcomer, in training Posts: 31

Oops, sorry about the error with ComboFix. I hope the new log is correct. I am still having all the same problems with Internet Explorer, programs will not start via double mouse click, and Norton360 stalls out just after 2000 files are scanned. Thanks for the help Broni.

daveed12vas, Dec 17, 2012

#20

Page 1 of 3

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.