Whichie

Honorary Members
  • Posts

    35

Reputation

0 Neutral

Profile Information

  • Location
    as far as the USA is Middle Earth :D
  • Interests
    biking, fishing, swimming, helping others, and learning.
  1. Please close this. I'll manage without any help from here. Whichie
  2. Hi There! I still have an open topic problem for my XP and no one has helped yet, but this Vista PC has also been affected. I need one working to fix the other one. This one is running but at times takes up to five min or more to load. Thank you ahead of time if you take a look. Here are the initial reports:
  3. Hiya, XP Media Center slowed down, then I got several error msgs. Microsoft Explorer shuts down if I try to open anything on the hard drive, but I think the internet is still working. Here is a list of what I know. Error xxx stop: 0x00000077, and the same with F4 instead of 77. Didn't write down the rest of the error codes but they were similar. Received a DrWatson Postmortem Debugger. Went into msconfig and the start tab and unchecked from startup itcm\Scheduler, itcm\Client and jusched. Ran Windows Essentials and Malwarebytes, no detection of malware. Also the name of "my pc or computer" on the desktop has changed to look like a strange bar code with strange symbols. Not able to recognize a name. The name of the recycle bin changed to something entirely different. I lost several documents off the desktop. Can't look for them in search or open the control panel 'cause Windows Explorer shuts it down. Help please. Whichie Does anyone think this matter may call for a reinstall of the OS? Appreciate your thoughts. Whichie
  4. Gringo, I believe I have the same problem as Jimcat. Miniclip site, same date, so should I do as you have instructed Jimcat or start a new topic? I've had your help before. I found itcm\sheduler, itcm\Client, and Jusched.exe in startup and disabled them. But I get that Microsoft Explorer has an unexpected error and needs to shut down. Can't do anything except be on the internet. Thanks ahead of time. Whichie
  5. Dear Gringo, Working on this last part for desktop XP. I see that I never did download Revo. I tried to do it now but was not able to; maybe I'll try later, not sure. The page says thank you for downloading the free version, but it's not been downloaded; I've checked and checked. I still have programs on the PC like HijackThis and Security Check. Should I wait until I can download Revo? 'Cause I'd like to keep it for one, and maybe I need it to uninstall these other programs. Sure is running like a new PC. Whichie
  6. Dear Gringo, Desktop XP is doing much better. However, when I opened email my AV popped up with a notice of a virus and removed it. Coming from email apparently; do I need to track down where this is coming from or who this is coming from? Not sure. Here are the reports; ESET found problems. Also I left out the step of clicking on Advance etc. I didn't see that option. Whichie
    • C:\Documents and Settings\Susan\My Documents\Downloads\DownloadManagerSetup.exe: a variant of Win32/InstallCore.AY application
    • C:\System Volume Information\_restore{711D1841-40D6-4A14-9202-94D28AE8BE5C}\RP444\A0042055.exe: a variant of Win32/Toolbar.Funmoods application
    • F:\Program Files\eFax Messenger Plus\Faxwiz.exe: probably a variant of Win32/Agent.MZYNNXP trojan
    • F:\Program Files\eFax Messenger Plus\setup.exe: probably a variant of Win32/Agent.MZYNNXP trojan
  7. Dear Gringo, Reports from Whichie. XP desktop is running fast now!
  8. Gringo, Things are working much faster, eureka type moments. What's next? Whichie
  9. Gringo, I used the prompt to reset the DMA and it did a report looking thing that looked like it reset or dos like that had information about the hdd master and slave. But if not I can do it the other way you showed. Let me know if you think this was wrong. I did a combofix and do not believe I dropped the java cache in correctly the first time. So I did it again. Desktop is much quicker. Thanks. Can you say what has been wrong, i.e. virus, trojan, malware? Just interested. Whichie

     ComboFix 12-11-20.02 - Susan 11/20/2012 23:18:43.3.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.450 [GMT -5:00]
     Running from: c:\documents and settings\Susan\My Documents\Downloads\ComboFix.exe
     Command switches used :: c:\documents and settings\Susan\Desktop\CFScript.txt
     AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
     FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
     .
     .
     2012-11-09 21:18 . 2012-11-09 21:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-11-09 21:18 . 2012-11-09 21:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-22 08:37 . 2003-08-13 19:34 1866368 ----a-w- c:\windows\system32\win32k.sys
     2012-10-02 18:04 . 2003-08-13 19:30 58368 ----a-w- c:\windows\system32\synceng.dll
     2012-09-29 23:54 . 2012-06-20 23:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-09-25 03:16 . 2012-10-16 22:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2012-09-13 17:41 . 2012-09-13 17:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-09-13 17:41 . 2012-09-13 17:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
     2012-08-27 19:12 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
     2012-08-27 19:12 . 2003-08-13 19:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
     2012-08-27 19:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
     2012-08-27 19:12 . 2003-08-13 19:16 17408 ----a-w- c:\windows\system32\corpol.dll
     2012-08-24 13:53 . 2003-08-13 19:34 177664 ----a-w- c:\windows\system32\wintrust.dll
     2012-10-28 00:49 . 2012-10-28 00:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
     "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
     "F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
     "F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
     "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
     "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
     "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
     "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
     .
     R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/21/2010 5:00 PM 44240]
     R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/21/2010 4:59 PM 82120]
     R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [4/21/2010 4:59 PM 68064]
     R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
     R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/1/2012 6:21 PM 156160]
     R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/1/2012 6:21 PM 125440]
     R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
     R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [4/21/2010 4:58 PM 144440]
     S3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [4/21/2010 4:59 PM 61088]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - 66909248
     *NewlyCreated* - ASWMBR
     *Deregistered* - 66909248
     *Deregistered* - aswMBR
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 21:18]
     .
     2012-11-20 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-04-21 15:56]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.foxfire.com/
     LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\
     FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
     FF - prefs.js: browser.startup.homepage - about:home
     FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
     FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-11-20 23:24
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-1275210071-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(660)
     c:\program files\centurylink online security\hips\fshook32.dll
     .
     - - - - - - - > 'lsass.exe'(716)
     c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
     c:\program files\centurylink online security\hips\fshook32.dll
     .
     - - - - - - - > 'explorer.exe'(2512)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
     c:\program files\centurylink online security\scanner-interface\fsgkiapi.dll
     .
     Completion time: 2012-11-20 23:26:53
     ComboFix-quarantined-files.txt 2012-11-21 04:26
     ComboFix2.txt 2012-11-21 03:55
     ComboFix3.txt 2012-11-18 09:49
     .
     Pre-Run: 27,659,046,912 bytes free
     Post-Run: 27,651,624,960 bytes free
     .
     - - End Of File - - 6DD514B8174112F8D60CFD166F518711

     reset the DMA
  10. Gringo, Whichie

     18:43:23.0718 3568 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
3000 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 18:44:43.0531 3000 serenum - ok 18:44:43.0578 3000 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 18:44:43.0593 3000 Serial - ok 18:44:43.0625 3000 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 18:44:43.0625 3000 Sfloppy - ok 18:44:43.0703 3000 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:44:43.0718 3000 SharedAccess - ok 18:44:43.0781 3000 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:44:43.0781 3000 ShellHWDetection - ok 18:44:43.0796 3000 Simbad - ok 18:44:43.0890 3000 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 18:44:43.0968 3000 smwdm - ok 18:44:43.0984 3000 Sparrow - ok 18:44:44.0046 3000 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 18:44:44.0046 3000 splitter - ok 18:44:44.0125 3000 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 18:44:44.0125 3000 Spooler - ok 18:44:44.0140 3000 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 18:44:44.0156 3000 sr - ok 18:44:44.0218 3000 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 18:44:44.0218 3000 srservice - ok 18:44:44.0296 3000 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:44:44.0343 3000 Srv - ok 18:44:44.0437 3000 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:44:44.0437 3000 SSDPSRV - ok 18:44:44.0531 3000 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 18:44:44.0531 3000 stisvc - ok 18:44:44.0609 3000 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 18:44:44.0609 3000 swenum - ok 18:44:44.0640 3000 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 
18:44:44.0640 3000 swmidi - ok 18:44:44.0656 3000 SwPrv - ok 18:44:44.0671 3000 symc810 - ok 18:44:44.0687 3000 symc8xx - ok 18:44:44.0703 3000 sym_hi - ok 18:44:44.0703 3000 sym_u3 - ok 18:44:44.0718 3000 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 18:44:44.0734 3000 sysaudio - ok 18:44:44.0765 3000 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 18:44:44.0765 3000 SysmonLog - ok 18:44:44.0843 3000 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:44:44.0843 3000 TapiSrv - ok 18:44:44.0937 3000 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:44:44.0968 3000 Tcpip - ok 18:44:45.0015 3000 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 18:44:45.0015 3000 TDPIPE - ok 18:44:45.0046 3000 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 18:44:45.0046 3000 TDTCP - ok 18:44:45.0078 3000 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 18:44:45.0078 3000 TermDD - ok 18:44:45.0156 3000 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 18:44:45.0156 3000 TermService - ok 18:44:45.0187 3000 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 18:44:45.0187 3000 Themes - ok 18:44:45.0234 3000 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 18:44:45.0250 3000 TlntSvr - ok 18:44:45.0265 3000 TosIde - ok 18:44:45.0296 3000 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 18:44:45.0296 3000 TrkWks - ok 18:44:45.0343 3000 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 18:44:45.0343 3000 Udfs - ok 18:44:45.0359 3000 ultra - ok 18:44:45.0453 3000 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 18:44:45.0468 3000 Update - ok 18:44:45.0531 3000 [ 
1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:44:45.0546 3000 upnphost - ok 18:44:45.0593 3000 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 18:44:45.0593 3000 UPS - ok 18:44:45.0656 3000 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:44:45.0656 3000 usbccgp - ok 18:44:45.0703 3000 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:44:45.0718 3000 usbehci - ok 18:44:45.0765 3000 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:44:45.0765 3000 usbhub - ok 18:44:45.0828 3000 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:44:45.0828 3000 usbprint - ok 18:44:45.0875 3000 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:44:45.0890 3000 usbscan - ok 18:44:45.0906 3000 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:44:45.0906 3000 USBSTOR - ok 18:44:45.0953 3000 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:44:45.0953 3000 usbuhci - ok 18:44:45.0953 3000 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 18:44:45.0968 3000 VgaSave - ok 18:44:45.0968 3000 ViaIde - ok 18:44:46.0000 3000 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 18:44:46.0000 3000 VolSnap - ok 18:44:46.0062 3000 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 18:44:46.0078 3000 VSS - ok 18:44:46.0125 3000 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 18:44:46.0125 3000 W32Time - ok 18:44:46.0156 3000 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:44:46.0156 3000 Wanarp - ok 18:44:46.0171 3000 WDICA - ok 18:44:46.0187 3000 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 
18:44:46.0203 3000 wdmaud - ok 18:44:46.0218 3000 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 18:44:46.0218 3000 WebClient - ok 18:44:46.0343 3000 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 18:44:46.0343 3000 winmgmt - ok 18:44:46.0421 3000 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 18:44:46.0421 3000 WmdmPmSN - ok 18:44:46.0500 3000 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll 18:44:46.0500 3000 Wmi - ok 18:44:46.0562 3000 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 18:44:46.0578 3000 WmiApSrv - ok 18:44:46.0640 3000 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:44:46.0640 3000 WS2IFSL - ok 18:44:46.0718 3000 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 18:44:46.0718 3000 wscsvc - ok 18:44:46.0750 3000 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 18:44:46.0750 3000 wuauserv - ok 18:44:46.0875 3000 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 18:44:46.0890 3000 WZCSVC - ok 18:44:46.0937 3000 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 18:44:46.0937 3000 xmlprov - ok 18:44:46.0953 3000 ================ Scan global =============================== 18:44:47.0015 3000 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 18:44:47.0078 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 18:44:47.0093 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 18:44:47.0109 3000 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 18:44:47.0125 3000 [Global] - ok 18:44:47.0125 3000 ================ Scan MBR ================================== 18:44:47.0156 3000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 18:44:47.0343 3000 \Device\Harddisk0\DR0 - ok 
      18:44:47.0375 3000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
      18:44:47.0515 3000 \Device\Harddisk1\DR1 - ok
      18:44:47.0531 3000 ================ Scan VBR ==================================
      18:44:47.0531 3000 [ C5FDCBAA72F8B519BBE0195F9EFC5E1E ] \Device\Harddisk0\DR0\Partition1
      18:44:47.0531 3000 \Device\Harddisk0\DR0\Partition1 - ok
      18:44:47.0546 3000 [ 1CBA119EFBE787A33D533C6AA9A210D9 ] \Device\Harddisk1\DR1\Partition1
      18:44:47.0546 3000 \Device\Harddisk1\DR1\Partition1 - ok
      18:44:47.0546 3000 ============================================================
      18:44:47.0546 3000 Scan finished
      18:44:47.0546 3000 ============================================================
      18:44:47.0562 3828 Detected object count: 0
      18:44:47.0562 3828 Actual detected object count: 0

      aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2012-11-20 18:59:33
      -----------------------------
      18:59:33.437 OS Version: Windows 5.1.2600 Service Pack 3
      18:59:33.437 Number of processors: 1 586 0x209
      18:59:33.437 ComputerName: 21ST-J9NP6C9EM2 UserName: Susan
      19:00:07.515 Initialize success
      19:04:36.718 AVAST engine defs: 12112000
      19:04:59.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
      19:04:59.281 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
      19:04:59.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
      19:04:59.281 Disk 1 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
      19:04:59.281 Disk 0 MBR read successfully
      19:04:59.281 Disk 0 MBR scan
      19:04:59.531 Disk 0 Windows XP default MBR code
      19:04:59.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
      19:04:59.578 Disk 0 scanning sectors +78108030
      19:04:59.765 Disk 0 scanning C:\WINDOWS\system32\drivers
      19:05:25.765 Service scanning
      19:05:57.312 Modules scanning
      19:06:11.140 Disk 0 trace - called modules:
      19:06:11.156 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
      19:06:11.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b87ab8]
      19:06:11.500 3 CLASSPNP.SYS[f7817fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83bccd98]
      19:06:12.500 AVAST engine scan C:\WINDOWS
      19:06:42.859 AVAST engine scan C:\WINDOWS\system32
      19:11:15.390 AVAST engine scan C:\WINDOWS\system32\drivers
      19:11:34.375 AVAST engine scan C:\Documents and Settings\Susan
      19:13:32.484 AVAST engine scan C:\Documents and Settings\All Users
      19:13:47.781 Scan finished successfully
      19:27:40.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Susan\Desktop\MBR.dat"
      19:27:40.609 The log file has been saved successfully to "C:\Documents and Settings\Susan\Desktop\aswMBR.txt"
  11. Gringo, I thought I already gave you the combofix report but I don't see it. Forgive me ahead of time if I did but here it is again.

      ComboFix 12-11-16.02 - Susan 11/18/2012 4:40.1.1 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.515 [GMT -5:00]
      Running from: c:\documents and settings\Susan\My Documents\Downloads\ComboFix.exe
      AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
      FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Susan\WINDOWS
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-09 21:18 . 2012-11-09 21:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-11-09 21:18 . 2012-11-09 21:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-22 08:37 . 2003-08-13 19:34 1866368 ----a-w- c:\windows\system32\win32k.sys
      2012-10-02 18:04 . 2003-08-13 19:30 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-09-29 23:54 . 2012-06-20 23:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-25 03:16 . 2012-10-16 22:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-09-13 17:41 . 2012-09-13 17:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-09-13 17:41 . 2012-09-13 17:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-08-27 19:12 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
      2012-08-27 19:12 . 2003-08-13 19:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
      2012-08-27 19:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
      2012-08-27 19:12 . 2003-08-13 19:16 17408 ----a-w- c:\windows\system32\corpol.dll
      2012-08-24 13:53 . 2003-08-13 19:34 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-21 13:33 . 2003-08-13 19:24 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-10-28 00:49 . 2012-10-28 00:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
      "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
      "F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
      "F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
      "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
      "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
      "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
      "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
      .
      R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/21/2010 5:00 PM 44240]
      R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/21/2010 4:59 PM 82120]
      R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [4/21/2010 4:59 PM 68064]
      R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
      R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/1/2012 6:21 PM 156160]
      R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/1/2012 6:21 PM 125440]
      R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
      R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [4/21/2010 4:58 PM 144440]
      S3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [4/21/2010 4:59 PM 61088]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 21:18]
      .
      2012-11-18 c:\windows\Tasks\Scheduled scanning task.job
      - c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-04-21 15:56]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.foxfire.com/
      LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\
      FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
      FF - prefs.js: browser.startup.homepage - about:home
      FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
      FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-11-18 04:47
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-1275210071-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(660)
      c:\program files\centurylink online security\hips\fshook32.dll
      .
      - - - - - - - > 'lsass.exe'(716)
      c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
      c:\program files\centurylink online security\hips\fshook32.dll
      .
      - - - - - - - > 'explorer.exe'(2052)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
      c:\program files\centurylink online security\scanner-interface\fsgkiapi.dll
      .
      Completion time: 2012-11-18 04:49:16
      ComboFix-quarantined-files.txt 2012-11-18 09:49
      .
      Pre-Run: 27,550,531,584 bytes free
      Post-Run: 27,682,598,912 bytes free
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=signature(3af64aec)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      signature(3af64aec)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
      .
      - - End Of File - - 2E0DECB58BC4E6F1ED8CD1A84200A015
  12. Gringo,
      Seems to be running less choppy and more smooth.
      Whichie

      # AdwCleaner v2.008 - Logfile created 11/17/2012 at 20:17:07
      # Updated 17/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Susan - 21ST-J9NP6C9EM2
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Susan\My Documents\Downloads\adwcleaner.exe
      # Option [Delete]

      ***** [services] *****

      ***** [Files / Folders] *****

      ***** [Registry] *****
      Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

      ***** [internet Browsers] *****

      -\\ Internet Explorer v7.0.5730.13
      Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272 --> hxxp://www.google.com

      -\\ Mozilla Firefox v16.0.2 (en-US)
      Profile name : default
      File : C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\prefs.js
      C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\user.js ... Deleted !
      Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
      Deleted : user_pref("extensions.funmoods.aflt", "test312");
      Deleted : user_pref("extensions.funmoods.autoRvrt", false);
      Deleted : user_pref("extensions.funmoods.dfltLng", "");
      Deleted : user_pref("extensions.funmoods.dfltSrch", true);
      Deleted : user_pref("extensions.funmoods.dnsErr", true);
      Deleted : user_pref("extensions.funmoods.envrmnt", "production");
      Deleted : user_pref("extensions.funmoods.excTlbr", false);
      Deleted : user_pref("extensions.funmoods.hmpg", true);
      Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2[...]
      Deleted : user_pref("extensions.funmoods.id", "000CF17B287F518D");
      Deleted : user_pref("extensions.funmoods.instlDay", "15617");
      Deleted : user_pref("extensions.funmoods.instlRef", "test312");
      Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
      Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
      Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd[...]
      Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
      Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
      Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
      Deleted : user_pref("extensions.funmoods.tlbrId", "base");
      Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=test312&chnl=test312&[...]
      Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
      Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
      Deleted : user_pref("extensions.funmoods_i.newTab", true);
      Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
      Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:40:13");

      -\\ Opera v [unable to get version]
      File : C:\Documents and Settings\Susan\Application Data\Opera\Opera\operaprefs.ini
      Deleted : Home URL=hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtB[...]

      *************************
      AdwCleaner[s1].txt - [3598 octets] - [17/11/2012 20:17:07]
      ########## EOF - C:\AdwCleaner[s1].txt - [3658 octets] ##########

      RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User : Susan [Admin rights]
      Mode : Scan -- Date : 11/17/2012 20:32:42

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 3 ¤¤¤
      [RUN][sUSP PATH] HKCU\[...]\Run : WorkForce 435(Network) (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE /FU "C:\DOCUME~1\Susan\LOCALS~1\Temp\E_S6D.tmp" /EF "HKCU") -> FOUND
      [RUN][sUSP PATH] HKUS\S-1-5-21-1275210071-2000478354-839522115-1003[...]\Run : WorkForce 435(Network) (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE /FU "C:\DOCUME~1\Susan\LOCALS~1\Temp\E_S6D.tmp" /EF "HKCU") -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [LOADED] ¤¤¤
      SSDT[47] : unknown @ 0x805B6D9D -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959CD6)
      SSDT[48] : unknown @ 0x8058B9F4 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959CF0)
      SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958E8C)
      SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79591BC)
      SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958BCC)
      SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79595EE)
      SSDT[192] : NtRenameKey @ 0x8065687A -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795A88C)
      SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795943E)
      SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958A4C)
      SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958EC0)
      SSDT[255] : NtSystemDebugControl @ 0x80651AA1 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959042)
      SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79589A6)
      SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958B06)
      SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958F86)
      S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795B646)

      ¤¤¤ Extern Hives: ¤¤¤
      -> F:\windows\system32\config\SOFTWARE
      -> F:\Documents and Settings\Administrator\NTUSER.DAT
      -> F:\Documents and Settings\Administrator.STACE-222XA5GDP\NTUSER.DAT
      -> F:\Documents and Settings\All Users\NTUSER.DAT
      -> F:\Documents and Settings\Default User\NTUSER.DAT
      -> F:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
      -> F:\Documents and Settings\LocalService\NTUSER.DAT
      -> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
      -> F:\Documents and Settings\NetworkService\NTUSER.DAT
      -> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\WINDOWS\system32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: WDC WD400BB-75DEA0 +++++
      --- User ---
      [MBR] cd705452dd29726df03054cfd020b84c
      [bSP] c1b457bfce65e7418b875c2c6c3b54b2 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      +++++ PhysicalDrive1: Maxtor 6E040L0 +++++
      --- User ---
      [MBR] c1edd2475ed81019ad65a8f14f340b6f
      [bSP] 445c17814d44edc98d5f1d178f570926 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 39166 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1]_S_11172012_02d2032.txt >>
      RKreport[1]_S_11172012_02d2032.txt
  13. DDS (Ver_2012-11-07.01) - NTFS_x86
      Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.9.2
      Run by Susan at 18:10:04 on 2012-11-17
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.404 [GMT -5:00]
      .
      AV: CenturyLink™ Online Security 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
      FW: CenturyLink™ Online Security 9.01 *Enabled*
      .
      ============== Running Processes ================
      .
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
      C:\WINDOWS\ehome\ehSched.exe
      C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
      C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
      C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
      C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
      C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
      C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
      C:\Program Files\Java\jre7\bin\jqs.exe
      C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
      C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
      C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
      C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
      C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LTCM Client\ltcmScheduler.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\System32\svchost.exe -k NetworkService
      C:\WINDOWS\System32\svchost.exe -k LocalService
      C:\WINDOWS\System32\svchost.exe -k LocalService
      C:\WINDOWS\System32\svchost.exe -k imgsvc
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.foxfire.com/
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
      BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
      TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
      EB: {32683183-48a0-441b-a342-7c2a440a9478} -
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [WorkForce 435(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihra.exe /fu "c:\docume~1\susan\locals~1\temp\E_S6D.tmp" /EF "HKCU"
      uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
      mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
      mRun: [bCMSMMSG] BCMSMMSG.exe
      mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
      mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
      mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      LSP: c:\program files\centurylink online security\fsps\program\FSLSP.DLL
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271891029375
      DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
      DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{8661A947-A670-44D5-9114-4E265963FE0C} : DHCPNameServer = 192.168.1.1
      Notify: igfxcui - igfxsrvc.dll
      LSA: Authentication Packages = msv1_0 nwprovau
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\susan\application data\mozilla\firefox\profiles\op583epk.default\
      FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
      FF - prefs.js: browser.startup.homepage - about:home
      FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\6litmus-ff.dll
      FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\7litmus-ff.dll
      FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\8litmus-ff.dll
      FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\9litmus-ff.dll
      FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
      FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
      FF - plugin: c:\windows\system32\npDeployJava1.dll
      FF -
plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\susan\application data\mozilla\firefox\profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272&q= FF - user.js: extensions.funmoods.id - 000CF17B287F518D FF - user.js: extensions.funmoods.instlDay - 15617 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:40:13 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - test312 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - test312 FF - user.js: extensions.funmoods.dfltLng 
- FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . ============= SERVICES / DRIVERS =============== . R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-4-21 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-4-21 82120] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2010-4-21 68064] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-8-1 156160] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-8-1 125440] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600] R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2010-4-21 215648] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2010-4-21 144440] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2010-4-21 61088] . =============== Created Last 30 ================ . 2012-11-09 21:18:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-09 21:18:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 03:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-13 17:41:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-13 17:41:19 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll 2012-08-27 19:12:36 1830912 ------w- c:\windows\system32\inetcpl.cpl 2012-08-27 19:12:35 78336 ------w- c:\windows\system32\ieencode.dll 2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 18:11:21.93 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/17/2010 7:24:30 AM System Uptime: 11/17/2012 1:50:55 PM (5 hours ago) . Motherboard: Dell Computer Corp. | | 0N2828 Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 37 GiB total, 25.606 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (NTFS) - 38 GiB total, 24.142 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP407: 8/20/2012 2:48:13 PM - System Checkpoint RP408: 8/21/2012 7:39:45 PM - System Checkpoint RP409: 8/23/2012 10:46:06 AM - System Checkpoint RP410: 8/26/2012 2:46:09 PM - System Checkpoint RP411: 8/29/2012 3:10:31 PM - System Checkpoint RP412: 8/30/2012 10:21:03 PM - System Checkpoint RP413: 9/1/2012 12:43:22 PM - System Checkpoint RP414: 9/2/2012 3:33:00 PM - System Checkpoint RP415: 9/3/2012 4:50:48 PM - System Checkpoint RP416: 9/4/2012 7:47:13 PM - System Checkpoint RP417: 9/6/2012 1:03:57 PM - System Checkpoint RP418: 9/7/2012 2:18:01 PM - System Checkpoint RP419: 9/9/2012 2:50:58 PM - System Checkpoint RP420: 9/11/2012 8:04:36 PM - System Checkpoint RP421: 9/12/2012 1:24:53 PM - Software Distribution Service 3.0 RP422: 9/13/2012 1:41:06 PM - Installed Java 7 Update 7 RP423: 9/14/2012 3:48:44 PM - System Checkpoint RP424: 9/16/2012 5:22:24 AM - System Checkpoint RP425: 9/17/2012 1:10:18 PM - System Checkpoint RP426: 9/18/2012 6:49:06 PM - System Checkpoint RP427: 9/21/2012 6:14:26 PM - System Checkpoint RP428: 9/21/2012 7:01:58 PM - Software Distribution Service 3.0 RP429: 9/23/2012 2:13:20 PM - System Checkpoint RP430: 9/24/2012 2:31:12 PM - System Checkpoint RP431: 9/25/2012 4:39:59 PM - System Checkpoint RP432: 9/26/2012 7:33:39 PM - System Checkpoint RP433: 9/27/2012 10:35:31 PM - System Checkpoint RP434: 9/29/2012 11:19:52 AM - System Checkpoint RP435: 9/30/2012 4:59:23 PM - System Checkpoint RP436: 10/3/2012 10:21:23 AM - System Checkpoint RP437: 10/3/2012 1:47:03 PM - Installed %1 %2. RP438: 10/4/2012 2:03:20 PM - System Checkpoint RP439: 10/6/2012 8:22:44 AM - System Checkpoint RP440: 10/6/2012 5:40:37 PM - Installed Windows XP KB971314. 
RP441: 10/7/2012 6:43:08 PM - System Checkpoint RP442: 10/9/2012 3:42:32 PM - System Checkpoint RP443: 10/10/2012 8:46:09 AM - Software Distribution Service 3.0 RP444: 10/12/2012 6:29:30 PM - System Checkpoint RP445: 10/13/2012 8:57:31 PM - System Checkpoint RP446: 10/16/2012 6:25:41 PM - Installed Java 7 Update 9 RP447: 10/18/2012 6:50:22 PM - System Checkpoint RP448: 10/20/2012 11:41:28 AM - System Checkpoint RP449: 10/21/2012 1:54:48 PM - System Checkpoint RP450: 10/22/2012 5:09:04 PM - System Checkpoint RP451: 10/23/2012 6:46:49 PM - System Checkpoint RP452: 10/25/2012 1:23:12 AM - System Checkpoint RP453: 10/26/2012 2:11:36 PM - System Checkpoint RP454: 10/27/2012 8:53:06 PM - System Checkpoint RP455: 11/1/2012 6:15:23 PM - System Checkpoint RP456: 11/4/2012 1:04:59 PM - System Checkpoint RP457: 11/5/2012 1:09:08 PM - System Checkpoint RP458: 11/6/2012 5:37:14 PM - System Checkpoint RP459: 11/7/2012 10:59:52 PM - System Checkpoint RP460: 11/9/2012 8:09:48 PM - System Checkpoint RP461: 11/10/2012 9:05:02 PM - System Checkpoint RP462: 11/12/2012 9:47:55 AM - System Checkpoint RP463: 11/13/2012 6:15:01 PM - System Checkpoint RP464: 11/14/2012 9:38:14 PM - System Checkpoint RP465: 11/16/2012 7:44:22 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 
ABBYY FineReader 9.0 Sprint Adobe Flash Player 11 Plugin BCM V.92 56K Modem CenturyLink™ Online Security Dell ResourceCD Epson Connect Epson Customer Participation Epson FAX Utility Epson PC-FAX Driver EPSON Scan EPSON WorkForce 435 Series Printer Uninstall EpsonNet Print F-Secure PSC Prerequisites GemMaster Mystic Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB971314) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Hoyle Card Games 2004 Intel® Extreme Graphics 2 Driver Intel® PRO Network Connections Drivers Java 7 Update 9 Java Auto Updater LTCM Client Malwarebytes Anti-Malware version 1.65.1.1000 Managed DirectX (0901) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Silverlight Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service Pool Rebel for Windows Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet 
Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB2699988) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 7 (KB2744842) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP 
(KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) 
Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP 
(KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security 
Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SoundMAX swMSM Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB980182) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows PowerShell 1.0 Windows XP Service Pack 3 WordPerfect Office 11 . ==== Event Viewer Messages From Past Week ======== . 11/11/2012 5:11:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000CF17B287F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 11/11/2012 3:46:10 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00:19:21:CA:97:4A. Network operations on this system may be disrupted as a result. 
11/10/2012 5:49:43 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/10/2012 11:17:47 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s). 11/10/2012 11:14:47 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File =========================== Results of screen317's Security Check version 0.99.54 Windows 2000 Service Pack 3 x86 Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Please wait while WMIC compiles updated MOF files. WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.5.502.110 Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` CenturyLink Online Security Anti-Virus fsgk32st.exe CenturyLink Online Security Anti-Virus FSGK32.EXE CenturyLink Online Security Anti-Virus fssm32.exe CenturyLink Online Security Anti-Virus fsav32.exe CenturyLink Online Security Common FSMA32.EXE CenturyLink Online Security Common FSHDLL32.EXE CenturyLink Online Security FWES Program fsdfwd.exe CenturyLink Online Security Common FSM32.EXE `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 6% ````````````````````End of Log``````````````````````
  14. Gringo, help please. You helped me with Vista. So far so good, thank you, but while doing that I used the XP desktop and I might still be infected here. Let me know if you can help. Thanks, Whichie