FBI.Cybercrime lock-out

This is a discussion on FBI.Cybercrime lock-out within the Resolved HJT Threads forums, part of the Tech Support Forum category.

04-17-2013, 02:58 PM   #1
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

Hello and thank you in advance for helping me. I am locked out of my computer with a notice from "FBI.Cybercrime" to pay a fine or the FBI will be here to haul me off to prison.

I received a suggestion that through Bleeping Computers I would find the instructions to follow for self-help removal of said virus. I followed those instructions, which stated to download Hitman onto a flash drive; after instructing the computer to boot from the flash drive, the Hitman program would handle removing the virus.

My computer would not recognize the flash drive as bootable. I checked the flash drive info via the Run command and it does show up, but either I did something wrong or it is more complicated than I thought. I AM the dummy that the "for dummies" books were written for, I think, and am ashamed to say I applied for and flunked out of security analyst school even before completing the first real task.

I am attaching DDS logs per instructions. When I ran GMER the scan started up and ran for maybe a minute or two, then the computer rebooted and went to the lock-out screen. I am currently using the computer in "Safe Mode with Networking".

Again, thank you so much for what you do to help. I have much respect for the hard work you do!

Cathy
Sacramento, CA
Windows XP, Service Pack 3, running on an older eMachine

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2006 9:48:37 PM
System Uptime: 4/17/2013 11:20:36 AM (3 hours ago)
.
Motherboard: First International Computer, Inc. | | K8M-800M
Processor: AMD Sempron(tm) Processor 3300+ | Socket 940 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 103.852 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.722 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP344: 2/12/2013 8:53:26 AM - System Checkpoint
RP345: 2/13/2013 10:23:48 AM - System Checkpoint
RP346: 2/14/2013 1:29:09 AM - Software Distribution Service 3.0
RP347: 2/15/2013 3:01:09 AM - Software Distribution Service 3.0
RP348: 2/16/2013 2:19:12 PM - System Checkpoint
RP349: 2/17/2013 1:00:39 PM - Installed Age of Empires III - The WarChiefs
RP350: 2/17/2013 1:02:22 PM - Installed Age of Empires III - The WarChiefs
RP351: 2/18/2013 9:22:12 PM - System Checkpoint
RP352: 2/20/2013 3:00:53 PM - System Checkpoint
RP353: 2/21/2013 3:31:11 PM - System Checkpoint
RP354: 2/22/2013 4:04:17 PM - System Checkpoint
RP355: 2/23/2013 4:15:51 PM - System Checkpoint
RP356: 2/24/2013 5:02:10 PM - System Checkpoint
RP357: 2/25/2013 5:51:32 PM - System Checkpoint
RP358: 2/26/2013 6:05:50 PM - System Checkpoint
RP359: 2/27/2013 9:27:15 PM - System Checkpoint
RP360: 2/28/2013 11:41:34 PM - System Checkpoint
RP361: 3/2/2013 10:25:17 AM - System Checkpoint
RP362: 3/3/2013 11:51:12 AM - System Checkpoint
RP363: 3/4/2013 1:10:32 PM - System Checkpoint
RP364: 3/5/2013 2:38:32 PM - System Checkpoint
RP365: 3/6/2013 3:27:53 PM - System Checkpoint
RP366: 3/7/2013 3:54:11 PM - System Checkpoint
RP367: 3/8/2013 6:00:11 PM - System Checkpoint
RP368: 3/10/2013 5:16:34 AM - System Checkpoint
RP369: 3/11/2013 12:04:35 PM - System Checkpoint
RP370: 3/12/2013 3:05:11 PM - System Checkpoint
RP371: 3/13/2013 3:01:02 AM - Software Distribution Service 3.0
RP372: 3/14/2013 11:20:31 AM - System Checkpoint
RP373: 3/15/2013 12:39:40 PM - System Checkpoint
RP374: 3/16/2013 1:03:41 PM - System Checkpoint
RP375: 3/17/2013 313 PM - System Checkpoint
RP376: 3/18/2013 3:15:49 PM - System Checkpoint
RP377: 3/19/2013 3:27:57 PM - System Checkpoint
RP378: 3/20/2013 5:18:20 PM - System Checkpoint
RP379: 3/21/2013 3:07:35 AM - Software Distribution Service 3.0
RP380: 3/22/2013 2:26:37 PM - System Checkpoint
RP381: 3/23/2013 2:34:43 PM - System Checkpoint
RP382: 3/24/2013 2:40:41 PM - System Checkpoint
RP383: 3/25/2013 4:22:39 PM - System Checkpoint
RP384: 3/26/2013 4:35:35 PM - System Checkpoint
RP385: 3/27/2013 4:44:56 PM - System Checkpoint
RP386: 3/28/2013 9:52:25 PM - System Checkpoint
RP387: 3/30/2013 1:38:55 AM - System Checkpoint
RP388: 3/31/2013 1:51:03 AM - System Checkpoint
RP389: 4/1/2013 9:58:32 AM - System Checkpoint
RP390: 4/2/2013 10:32:06 AM - System Checkpoint
RP391: 4/3/2013 10:44:37 AM - System Checkpoint
RP392: 4/4/2013 11:04:25 AM - System Checkpoint
RP393: 4/5/2013 11:12:47 AM - System Checkpoint
RP394: 4/6/2013 11:30:37 AM - System Checkpoint
RP395: 4/7/2013 12:34:58 PM - System Checkpoint
RP396: 4/8/2013 12:44:52 PM - System Checkpoint
RP397: 4/9/2013 1:52:25 PM - System Checkpoint
RP398: 4/10/2013 3:01:10 AM - Software Distribution Service 3.0
RP399: 4/11/2013 3:12:32 AM - System Checkpoint
RP400: 4/12/2013 3:46:53 AM - System Checkpoint
RP401: 4/13/2013 4:10:57 AM - System Checkpoint
RP402: 4/14/2013 2:14:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5 Card Slingo Deluxe
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Type Manager 4.0
Apple Application Support
Apple Software Update
avast! Free Antivirus
Beetle Run 3.0
Bumper Deluxe
CCScore
Chicken Invaders v1.30
Cisco Connect
ClockDomain 1.0
CoolPic - Fun Social Pictures 2.0.0.428
Critical Update for Windows Media Player 11 (KB959772)
Deer Hunter 2
Diamond Drop (CD version)
Digital Media Reader
Disney Pix 2.0
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
File Type Assistant
Flaps 2.0
Free File Viewer 2012
FrostWire 5.3.8
Gem Jam 2.0
GhostMouse 2.0
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2005
HP Product Detection
InCD (Ahead Software)
InCD EasyWrite Reader (Ahead Software)
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Pro 9
Java 7 Update 11
Java Auto Updater
JavaFX 2.1.1
Juxto 2.0
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lexmark 2600 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Entertainment Pack: The Puzzle Collection
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
MouseCam
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My DSC
netbrdg
Nickelodeon 3D Movie Maker 1.0
NumZum 2.0
OfotoXMI
Oilcap Pro 3.1
OpenMG Secure Module 4.7.00
Picasa 3
Pivot Stickfigure Animator
PrintKey2000
Quarry v3.0
QuickTime
QuickTime for Windows (32-bit)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Recovery Software Suite eMachines
Rollem v3.0
S3GSetup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Slingo Deluxe
Smileycons 6.0.1
SoftV92 Data Fax Modem with SmartCP
Squark 2.0
staticcr
swMSM
Team Apache
tooltips
Trophy Bass 3D Demo
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual Pinball
VIVA MEDIA GAME CENTER
VPRINTOL
Wall-Up v2.0
WebFldrs XP
Windows Backup Utility
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WIRELESS
Word in Works Suite add-in
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
.
==== Event Viewer Messages From Past Week ========
.
4/17/2013 12:31:28 AM, error: ATMhelpr [43] -
4/16/2013 7:40:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/16/2013 11:39:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
4/15/2013 10:17:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ATMhelpr Fips Processor
4/15/2013 10:16:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2013 9:12:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
4/14/2013 9:12:42 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2013 9:12:19 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Administrator at 14:16:56 on 2013-04-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.203 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.emachines.com/
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: CoolPic - Fun Social Pictures: {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - c:\program files\coolpic - fun social pictures\Extension32.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\typeitin.lnk - c:\program files\typeitin\TypeItIn.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} - hxxp://kraisoft.com/files/online/aquacade.cab
DPF: {41ACD49D-1974-791A-0981-AA9872721044} - hxxp://67.15.101.33/g_bin/eng/boards_2_0_0_35.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352005585978
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/qadummy/abxgh.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} - hxxp://67.15.101.3/g_bin/eng/hunter_2_0_0_26.cab
DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} - hxxp://download.gamedesire.com/g_bin/eng/pirate_2_0_0_30.cab
DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} - hxxp://67.15.101.3/g_bin/eng/domino_2_0_0_33.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://download.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab
DPF: {AC120B1D-9411-4111-AF52-118052D85D45} - hxxp://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} - hxxp://67.15.101.3/g_bin/eng/mahjong_2_0_0_29.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} - hxxp://67.15.101.3/g_bin/eng/billard9_2_0_0_32.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - hxxp://67.15.101.3/g_bin/eng/billardt_2_0_0_34.cab
TCP: NameServer = 192.168.7.254
TCP: Interfaces\{3F76EB31-84F6-420A-83B1-53BF749BC9DE} : DHCPNameServer = 192.168.7.254
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\29fqmgzs.default\
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-20 02:49; [email protected]; c:\program files\alwil software\avast5\webrep\FF
FF - ExtSQL: 2013-04-12 18:05; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-20 49248]
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-1-29 9344]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-25 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-14 368176]
S1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-2-18 4064]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-14 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-20 66336]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 45248]
S2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-1-29 448640]
S2 CoolPic - Fun Social Pictures Updater;CoolPic - Fun Social Pictures Updater;c:\program files\coolpic - fun social pictures\ExtensionUpdaterService.exe [2013-1-26 185856]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2011-7-11 94208]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-20 164736]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-9-2 17432]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2007-12-21 44928]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\iobit\game booster 3\driver\winring0.sys --> c:\program files\iobit\game booster 3\driver\WinRing0.sys [?]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-04-17 11:45:27 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-04-15 17:18:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2013-04-13 01:05:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2013-04-13 01:05:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2013-04-13 01:05:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-04-13 01:05:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-04-13 01:05:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-04-13 01:05:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-04-13 01:05:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-04-13 01:05:39 186432 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-04-13 01:05:38 163256 ----a-w- c:\program files\mozilla firefox\plugins\np-mswmp.dll
2013-04-13 01:05:16 749568 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\plugins\npGameTapWebPlayer.dll
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-20 20:24:34 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 20:24:34 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-20 09:50:28 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-20 09:50:25 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-20 09:50:20 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
==================== Find3M ====================
.
2013-04-15 02:17:26 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-15 02:17:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-03-02 0231 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 0230 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 0230 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2004-08-11 22:15:16 1867768 -c--a-r- c:\program files\autorun.exe
.
============= FINISH: 14:18:29.57 ===============
Old 04-20-2013, 01:25 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Is Administrator your normal user profile?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do not do any fixing on your own or run any scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal. For some infections, it may do this multiple times.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-20-2013, 07:34 PM   #3
Cathy95820
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

Hi chemist and thank you.

Before I do the ComboFix, you asked if I usually sign on as Administrator and I don't believe so. It usually doesn't ask. Should I start over, logging in as me, Cathy?

In the meantime I shall look into anything I might need to keep safe and back it up.
Old 04-20-2013, 08:01 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello Cathy. You're welcome. It would be best if you logged on to your usual account. It will ask in Safe Mode with Networking.
Old 04-20-2013, 08:13 PM   #5
Cathy95820
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

OK, cool, because it keeps telling me the antivirus is active. When I tried to deactivate it, it shows that IT is in safe mode (avast)??? So if I go on as Cathy per usual I hope I can deactivate it. I was just signing back on to re-read your directions on how to deactivate in case I was doing something wrong.

OK, wrote down the instructions to deactivate and am implementing them now :)
Old 04-20-2013, 08:39 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Let me know if you have trouble.
Old 04-20-2013, 08:46 PM   #7
Cathy95820
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

The computer won't let me log in as Cathy... it starts up... I request safe mode, but instead of the virus FBI screen it shuts down. ComboFix says the antivirus is running. I followed the TSF instructions to open avast troubleshooting, disable by unticking the self-defense module, click OK (then it says click Yes, but that option didn't come up), right-click the tray icon, and I chose "disable permanently" (there was no "stop on-access protection" option - just disable for an hour, disable until restarted, disable permanently). Then I get the avast safe mode screen.

Maybe I should not have done this, but I had the Task Manager running when I was trying to figure out why I couldn't turn it off, so I told it to end the program, which it did. However, when trying ComboFix again it says avast is still running. (Is it running under the Cathy login that I can't get to?)

I am so sorry and waiting for you to advise me how to proceed.
Old 04-20-2013, 08:48 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Ignore the message and run ComboFix. Let me know.
Old 04-20-2013, 08:50 PM   #9
Cathy95820
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

Okay, thank you.
Old 04-20-2013, 09:57 PM   #10
Cathy95820
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7

ComboFix log:

ComboFix 13-04-20.02 - Administrator 04/20/2013 21:25:55.7.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.262 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Documents\dll
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\LADII FRESH\WINDOWS
c:\documents and settings\Owner\Application Data\skype.dat
c:\documents and settings\Owner\Application Data\skype.ini
c:\documents and settings\Owner\My Documents\~WRD0004.tmp
c:\documents and settings\Owner\My Documents\~WRL0005.tmp
c:\documents and settings\Owner\My Documents\~WRL0677.tmp
c:\documents and settings\Owner\WINDOWS
C:\Install.exe
C:\Microsoft
c:\microsoft\Protect\CREDHIST
c:\program files\Retrogamer_2zEI
c:\program files\Windows Searchqu Toolbar
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
c:\windows\WINSOCK.DLL
.
.
((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-17 23:55 . 2013-04-17 23:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Unity
2013-04-17 23:54 . 2013-04-17 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2013-04-17 11:45 . 2013-04-17 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-04-15 17:18 . 2013-04-15 17:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-27 01:35 . 2013-03-27 01:35 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 02:17 . 2012-04-03 16:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-15 02:17 . 2011-11-11 01:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-26 16:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-26 16:12 2193408 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 05:59 2070016 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2013-03-20 09:50 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 22:33 . 2013-03-20 09:50 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 22:33 . 2011-06-25 11:07 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2008-12-14 19:31 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2008-12-14 19:31 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2008-12-14 19:31 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2013-03-20 09:50 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2008-12-14 19:31 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2010-08-24 07:44 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2008-12-14 19:31 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:06 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-26 16:12 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-26 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-09-07 19:53 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-26 16:12 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2004-08-26 16:12 552448 ------w- c:\windows\system32\oleaut32.dll
2004-08-11 22:15 . 2004-08-11 22:15 1867768 -c--a-r- c:\program files\autorun.exe
2013-04-13 01:06 . 2013-04-13 01:06 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}]
2013-01-09 20:51 167424 ----a-w- c:\program files\CoolPic - Fun Social Pictures\Extension32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-12 1101824]
"VTTrayp"="VTtrayp.exe" [2005-03-12 147456]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SoundMan"="SOUNDMAN.EXE" [2005-05-13 67584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2012-7-24 189952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-9-4 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2007-1-17 869376]
TypeItIn.lnk - c:\program files\TypeItIn\TypeItIn.exe [2010-2-10 1266744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/20/2013 2:50 AM 49248]
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [1/29/2008 10:31 AM 9344]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/25/2011 4:07 AM 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/14/2008 12:31 PM 368176]
S1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2/18/2007 7:55 PM 4064]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2008 12:31 PM 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/20/2013 2:50 AM 66336]
S2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [1/29/2008 10:31 AM 448640]
S2 CoolPic - Fun Social Pictures Updater;CoolPic - Fun Social Pictures Updater;c:\program files\CoolPic - Fun Social Pictures\ExtensionUpdaterService.exe [1/26/2013 12:43 AM 185856]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [7/11/2011 10:44 AM 94208]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/20/2013 2:50 AM 164736]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [9/2/2009 1:37 AM 17432]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [12/21/2007 2:58 PM 44928]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:17]
.
2013-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-04-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 22:32]
.
2013-04-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-09-23 22:24]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 19:07]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 19:07]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644218502-4249284583-2859340457-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 19:56]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644218502-4249284583-2859340457-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 19:56]
.
2013-04-21 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2011-09-23 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.7.254
DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} - hxxp://kraisoft.com/files/online/aquacade.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/qadummy/abxgh.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} - hxxp://67.15.101.3/g_bin/eng/hunter_2_0_0_26.cab
DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} - hxxp://download.gamedesire.com/g_bin/eng/pirate_2_0_0_30.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://download.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab
DPF: {AC120B1D-9411-4111-AF52-118052D85D45} - hxxp://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} - hxxp://67.15.101.3/g_bin/eng/mahjong_2_0_0_29.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - hxxp://67.15.101.3/g_bin/eng/billardt_2_0_0_34.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\29fqmgzs.default\
FF - ExtSQL: 2013-03-20 02:49; [email protected]; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: 2013-04-12 18:05; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-NetZero_uoltray - c:\program files\NetZero\exec.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
AddRemove-Trophy Bass 3D Demo - c:\dynamix\Trophy Bass 3D Demo\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-20 21:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3644218502-4249284583-2859340457-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,4a,ac,30,56,63,00,4d,a6,a1,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,4a,ac,30,56,63,00,4d,a6,a1,c1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-20 21:50:56
ComboFix-quarantined-files.txt 2013-04-21 04:50
ComboFix2.txt 2011-03-09 00:31
.
Pre-Run: 111,204,204,544 bytes free
Post-Run: 115,137,933,312 bytes free
.
- - End Of File - - DB55DEF7CE06496D416124B2042C7A0C
Old 04-20-2013, 10:10 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Cathy95820. Please tell us how your system is behaving.

Is Owner your normal user profile? Are you logged on as Owner now?

------------------------------------------------------

I see you have P2P software ( FrostWire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here.

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date.

Java(TM) 7 Update 11 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-21-2013, 12:17 AM   #12
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



Preliminary report... (btw I didn't know it was going to be time to test drive already!!) When I restarted it logged me in as Cathy (not administrator) and I am not locked out anymore! The one thing I notice is that it was hella s-l-o-w, like more than I have ever seen it be slow (but that is not to diminish the fact that I can open the computer up now!). I will work on the list of things you have asked me to do. I almost went to bed as I figured you probably were ready to call it a day. So if you would be so kind as to give me a little time to work on these things I will get back to you as soon as I can. I don't know if you are a pet owner, but we have a VERY old black lab (around 13 I think). When I stay up late he walks around huffing and puffing and sometimes from the sound of it he throws himself down on the floor behind my chair (just like a moody little kid) and this means HE wants to go to bed but won't till I do. Well, he is doing that, LOL. My point is, I almost went in the room but decided to check in here one more time and I am glad I did. You have been so great standing by for this process! I promise to have these things available by the crack of dawn, OK?

Before I forget, do you know I actually received a recorded phone call yesterday from "the FBI"... I listened to a little of it before I hung up. I wonder if I am going to be in for more harassment? Have others had this happen? I feel bad for the people that surely do think they have to play this game with these dirt bags! OK, I'll be back.
Cathy95820 is offline  
Old 04-21-2013, 04:14 AM   #13
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



Having a difficult time right off the bat. When I click to download Malwarebytes it doesn't download and my download window says blocked by my security zone policy. How do I change that?
Cathy95820 is offline  
Old 04-21-2013, 09:12 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cathy95820. Yes, others have had phone calls from the bad guys.

I'm not familiar with avast!. I used it a long time ago, but it has changed. You'll have to check all your settings. Odd it would let you download ComboFix, but not MBAM.

Otherwise, you can download MBAM to USB drive on another computer and transfer it to your desktop.
chemist is offline  
Old 04-21-2013, 10:14 AM   #15
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



I think I should have shared this info last night. Maybe this had something to do with it. When I was logged in as the Administrator, and I was getting ready to run the program ComboFix, as I mentioned the computer said Avast was still running. I had to access Avast via the start>all programs>avast and when it opened up, it was showing the main Avast screen as if I were a new avast customer saying it was not registered and the registration period had expired. I have been using Avast since first becoming a TSF member back in 07.

I don't see the icon in the tray but I left the computer running when I went to bed. I am going to try to open it right now and see what happens. brb
Cathy95820 is offline  
Old 04-21-2013, 10:29 AM   #16
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



I have looked through the various options in the troubleshooting menu and see options in the "Browser Integration" category listing ie/firefox/chrome and next to each browser listed are 2 boxes to check :

security plugin (installed)
Ad blocker (not installed)

Could this be the setting it is referring to?

Should I un-tick security plugin and see if that lets me grab the program?
Cathy95820 is offline  
Old 04-21-2013, 11:02 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cathy95820. Yes, try un-ticking security plugin and see if that lets you download MBAM.

This sounds like a login issue.

If you are in Normal Mode, you should be logged on to your usual account, which I assume is Owner, correct?

You can go start > Shutdown > Logoff and see what account you are logged onto.

Ideally, we want you to be logged onto your usual account when running tools.

------------------------------------------------------
chemist is offline  
Old 04-21-2013, 11:58 AM   #18
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



OK, here we go. It dawned on me to check the settings on the browser itself. The Avast WebRep was disabled. As soon as I reactivated it, an Avast window opened saying scan in progress, 90% complete, so I let it finish.

I tried to capture a screen shot of it but for some reason everything but the result page shows up. The end result was: 1 infected file
C:\Qoobox\...\skype.dat.vir
Status
Threat:Win32.LockScreen-TV[Trj]
Action: Move to chest

Also now have copy of malwarebytes. I had to open

control panel>internet options>security>internet>custom>misc>launching apps>prompt and it allowed the download no problem

Installed and running Malwarebytes now
Cathy95820 is offline  
Old 04-21-2013, 12:08 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cathy95820. Good job! That ESET find is just a file ComboFix quarantined. No worries.

Let me know when MBAM is finished. Also, did you update your Java?

------------------------------------------------------
chemist is offline  
Old 04-22-2013, 12:14 PM   #20
TSF Enthusiast
 
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 2,579
OS: Windows 7



Hi Chemist - I'm sorry I didn't get back to you yesterday , I got shanghai'd for a welcome home celebration for our friend. She is a below knee amputee (diabetes complication). She went to the VA hospital before Christmas to learn how to use her prosthesis and has FINALLY come home. We went to the Indian Casino (and lost should have stayed here and finished this).

OK, the computer is doing great as reported previously; it starts up as normal. There was a glitch this morning: after it started I was hung up with the cursor showing the little hourglass thingy. I ended up pushing the power button off and trying again and seem to be good to go.

Here are the logs. I uninstalled the unmentionable P2P program. I did notice mention of one of them while watching one of the scans scroll through programs, but I know I uninstalled that long ago. Are there always going to be little scraps of things I have long ago deleted?

The ESET scan said that "user stopped scan", but I know I didn't - I left yesterday while it was doing its thing. No one disturbed the computer while I was gone; it was just as I left it. Hubby knew I was working (or rather YOU were) on fixing it.

I updated the JAVA. Was that everything you needed?


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-7C60552B9E [administrator]

4/21/2013 12:56:14 PM
mbam-log-2013-04-21 (12-56-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267910
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Documents and Settings\Owner\Application Data\skype.dat -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WiIQfraud9.zip Win32/Bagle.gen.zip worm

===============++++++++++++==========

Do you want me to try the eset scan again in case something DID interrupt it?

Thanks
Cathy95820 is offline  
 

Copyright 2001 - 2018, Tech Support Forum