Posts posted by Whichie
-
-
please close this
whichie
-
Hi There!
I still have an open topic problem for my XP and no one has helped yet, but this Vista PC has also been affected. I need one working to fix the other one. This one is running but at times takes up to five min or more to load. Thank you ahead of time if you take a look.

Here are the initial reports:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.15.2
Run by holy at 18:14:20 on 2013-03-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.447.70 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Windows\system32\PSIService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F62C4470-9CA5-4842-A9E8-DDB9838C16BC} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2007-10-29 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2007-10-29 27776]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
.
=============== Created Last 30 ================
.
2013-03-13 21:55:30 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f29e2719-578b-437f-8119-45e47f18d785}\mpengine.dll
2013-03-12 21:15:53 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-03-12 21:15:42 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8261ea7c-b507-4d48-adc7-7cfa6e8cfe27}\gapaengine.dll
2013-03-12 21:09:33 6954968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-04 18:33:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-16 23:04:09 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-16 15:56:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-16 15:56:35 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-16 15:56:34 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-16 15:56:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-16 15:55:57 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-16 15:55:56 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
==================== Find3M ====================
.
2013-03-12 23:56:56 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 23:56:55 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-04 18:33:04 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-04 18:33:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 20:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:17:19.09 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2006 4:51:59 PM
System Uptime: 3/13/2013 10:56:42 AM (8 hours ago)
.
Motherboard: ECS | | Alhena5
Processor: Intel® Celeron® D CPU 3.33GHz | CPU 1 | 3325/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 54.446 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.589 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 49 GiB total, 21.203 GiB free.
G: is FIXED (NTFS) - 6 GiB total, 0.573 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP1786: 3/9/2013 7:27:57 PM - Scheduled Checkpoint
RP1787: 3/10/2013 5:31:47 PM - Scheduled Checkpoint
RP1789: 3/10/2013 5:47:38 PM - Revo Uninstaller's restore point - TightVNC 1.3.10
RP1790: 3/11/2013 1:22:10 PM - Scheduled Checkpoint
RP1791: 3/12/2013 8:08:46 PM - Windows Update
RP1792: 3/13/2013 11:15:19 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Apple Application Support
Apple Software Update
CCleaner
Compaq Connections (remove only)
D3DX10
DVD Play
Epson Customer Participation
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 435 Series Printer Uninstall
EpsonNet Print
Ethereal 0.10.12
Foxit Reader
getPlus® for Adobe
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Product Detection
HP Total Care Advisor
HP Update
innotek VirtualBox
Java 7 Update 15
Java Auto Updater
Junk Mail filter update
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.4 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nvu 1.0
OGA Notifier 2.0.0048.0
PuTTY version 0.60
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Soft Data Fax Modem with SmartCP
swMSM
Try Corel Snapfire muvee autoProducer add on
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.0
.
==== End Of File ===========================
-
Hiya,
XP media center slowed down, then got several error msg. Microsoft explorer shuts down if I try to open anything on the hard drive, but I think the internet is still working. Here is a list of what I know.
error xxx stop : 0x00000077 and same with F4 instead of 77.
Didn't write down the rest of the error codes but they were similar.
Received a DrWatson Postmortem Debugger.
Went into msconfig and start tab and unchecked from start up itcm\Scheduler, itcm\Client and jusched.
Ran windows essentials and Malwarebytes, no detection of malware.
Also the name of "my pc or computer" on desktop has changed to look like a strange bar code with strange symbols. Not able to recognize a name. The name of the recycle bin changed to something entirely different. I lost several documents off desktop. Can't look for them in search or open control panel 'cause the windows explorer shuts it down. Help please.
Whichie
Does anyone think this matter may call for a reinstall of OS? Appreciate your thoughts.
Whichie

-
Gringo,
I believe I have the same problem as Jimcat. Miniclip site, same date, so should I do as you have instructed Jimcat or start a new topic? I've had your help before. I found itcm\Scheduler, itcm\Client, and Jusched.exe in start up and disabled them. But I get the "Microsoft explorer has an unexpected error and needs to shut down" message. Can't do anything except be on internet. Thanks ahead of time.
Whichie
-
Dear Gringo,
Working on this last part for desktop XP. I see that I never did download Revo. I tried to do it now but was not able, maybe try later, not sure. The page says thank you for downloading free version but it's not been downloaded, I've checked and checked. I still have programs on pc like HijackThis and Security Check. Should I wait until I can download Revo, 'cause I'd like to keep it for one, and maybe I need it to uninstall these other programs? Sure is running like a new pc.

Whichie
-
Dear Gringo,
Desktop XP is doing much better. However, when I opened email my AV popped up with a notice of a virus and removed it. Coming from email apparently? Do I need to track down where this is coming from or who this is coming from? Not sure.
Here are reports, ESET found problems. Also I left out the step of clicking on Advance etc. I didn't see that option.
Whichie
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:48 PM, on 11/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Susan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxfire.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1271891029375
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 7067 bytes
C:\Documents and Settings\Susan\My Documents\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.AY application
C:\System Volume Information\_restore{711D1841-40D6-4A14-9202-94D28AE8BE5C}\RP444\A0042055.exe a variant of Win32/Toolbar.Funmoods application
F:\Program Files\eFax Messenger Plus\Faxwiz.exe probably a variant of Win32/Agent.MZYNNXP trojan
F:\Program Files\eFax Messenger Plus\setup.exe probably a variant of Win32/Agent.MZYNNXP trojan
-
Dear Gringo,
Reports from Whichie
XP desktop is running fast now!
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Susan :: 21ST-J9NP6C9EM2 [administrator]
11/24/2012 4:30:35 PM
mbam-log-2012-11-24 (16-30-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209188
Time elapsed: 8 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:53 PM, on 11/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Susan\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxfire.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271891029375
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 7153 bytes
-
Gringo,
Things are working much faster, eureka-type moments. What's next?

Whichie
-
Gringo,
I used the prompt to reset the DMA and it did a report-looking thing that looked like it reset, or DOS-like, that had information about the HDD master and slave. But if not, I can do it the other way you showed. Let me know if you think this was wrong.
I did a ComboFix and do not believe I dropped the Java cache in correctly the first time. So I did it again. Desktop is much quicker. Thanks.
Can you say what has been wrong, i.e. virus, trojan, malware? Just interested.
Whichie

ComboFix 12-11-20.02 - Susan 11/20/2012 23:18:43.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.450 [GMT -5:00]
Running from: c:\documents and settings\Susan\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Susan\Desktop\CFScript.txt
AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-09 21:18 . 2012-11-09 21:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 21:18 . 2012-11-09 21:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2003-08-13 19:34 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2003-08-13 19:30 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54 . 2012-06-20 23:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16 . 2012-10-16 22:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 17:41 . 2012-09-13 17:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 17:41 . 2012-09-13 17:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 19:12 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2003-08-13 19:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2003-08-13 19:16 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2003-08-13 19:34 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-10-28 00:49 . 2012-10-28 00:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/21/2010 5:00 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/21/2010 4:59 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [4/21/2010 4:59 PM 68064]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/1/2012 6:21 PM 156160]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/1/2012 6:21 PM 125440]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [4/21/2010 4:58 PM 144440]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [4/21/2010 4:59 PM 61088]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 66909248
*NewlyCreated* - ASWMBR
*Deregistered* - 66909248
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 21:18]
.
2012-11-20 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-04-21 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxfire.com/
LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-20 23:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\centurylink online security\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
c:\program files\centurylink online security\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
c:\program files\centurylink online security\scanner-interface\fsgkiapi.dll
.
Completion time: 2012-11-20 23:26:53
ComboFix-quarantined-files.txt 2012-11-21 04:26
ComboFix2.txt 2012-11-21 03:55
ComboFix3.txt 2012-11-18 09:49
.
Pre-Run: 27,659,046,912 bytes free
Post-Run: 27,651,624,960 bytes free
.
- - End Of File - - 6DD514B8174112F8D60CFD166F518711
reset the DMA
-
Gringo,
Whichie

18:43:23.0718 3568 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:43:25.0718 3568 ============================================================
18:43:25.0718 3568 Current date / time: 2012/11/20 18:43:25.0718
18:43:25.0718 3568 SystemInfo:
18:43:25.0718 3568
18:43:25.0718 3568 OS Version: 5.1.2600 ServicePack: 3.0
18:43:25.0718 3568 Product type: Workstation
18:43:25.0718 3568 ComputerName: 21ST-J9NP6C9EM2
18:43:25.0718 3568 UserName: Susan
18:43:25.0718 3568 Windows directory: C:\WINDOWS
18:43:25.0718 3568 System windows directory: C:\WINDOWS
18:43:25.0718 3568 Processor architecture: Intel x86
18:43:25.0718 3568 Number of processors: 1
18:43:25.0718 3568 Page size: 0x1000
18:43:25.0718 3568 Boot type: Normal boot
18:43:25.0718 3568 ============================================================
18:43:40.0375 3568 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:43:40.0421 3568 Drive \Device\Harddisk1\DR1 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:43:40.0500 3568 ============================================================
18:43:40.0500 3568 \Device\Harddisk0\DR0:
18:43:40.0546 3568 MBR partitions:
18:43:40.0546 3568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
18:43:40.0546 3568 \Device\Harddisk1\DR1:
18:43:40.0546 3568 MBR partitions:
18:43:40.0546 3568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4C7F241
18:43:40.0546 3568 ============================================================
18:43:40.0656 3568 C: <-> \Device\Harddisk0\DR0\Partition1
18:43:40.0828 3568 F: <-> \Device\Harddisk1\DR1\Partition1
18:43:40.0906 3568 ============================================================
18:43:40.0906 3568 Initialize success
18:43:40.0906 3568 ============================================================
18:44:19.0031 3000 ============================================================
18:44:19.0031 3000 Scan started
18:44:19.0031 3000 Mode: Manual;
18:44:19.0031 3000 ============================================================
18:44:20.0640 3000 ================ Scan system memory ========================
18:44:29.0156 3000 System memory - ok
18:44:29.0156 3000 ================ Scan services =============================
18:44:41.0765 3000 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:44:41.0765 3000 Processor - ok
18:44:41.0781 3000 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:44:41.0781 3000 ProtectedStorage - ok
18:44:41.0796 3000 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:44:41.0796 3000 PSched - ok
18:44:41.0859 3000 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:44:41.0859 3000 Ptilink - ok
18:44:41.0875 3000 ql1080 - ok
18:44:41.0875 3000 Ql10wnt - ok
18:44:41.0890 3000 ql12160 - ok
18:44:41.0906 3000 ql1240 - ok
18:44:41.0921 3000 ql1280 - ok
18:44:41.0953 3000 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:44:41.0953 3000 RasAcd - ok
18:44:42.0015 3000 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:44:42.0015 3000 RasAuto - ok
18:44:42.0062 3000 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:44:42.0062 3000 Rasl2tp - ok
18:44:42.0125 3000 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:44:42.0125 3000 RasMan - ok
18:44:42.0156 3000 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:44:42.0171 3000 RasPppoe - ok
18:44:42.0171 3000 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:44:42.0187 3000 Raspti - ok
18:44:42.0203 3000 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:44:42.0218 3000 Rdbss - ok
18:44:42.0234 3000 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:44:42.0234 3000 RDPCDD - ok
18:44:42.0312 3000 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:44:42.0312 3000 rdpdr - ok
18:44:42.0390 3000 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:44:42.0390 3000 RDPWD - ok
18:44:42.0453 3000 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:44:42.0453 3000 RDSessMgr - ok
18:44:42.0484 3000 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:44:42.0500 3000 redbook - ok
18:44:42.0546 3000 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:44:42.0562 3000 RemoteAccess - ok
18:44:42.0625 3000 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:44:42.0625 3000 RemoteRegistry - ok
18:44:42.0640 3000 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:44:42.0640 3000 RpcLocator - ok
18:44:42.0968 3000 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:44:42.0984 3000 RpcSs - ok
18:44:43.0031 3000 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:44:43.0046 3000 RSVP - ok
18:44:43.0078 3000 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:44:43.0078 3000 SamSs - ok
18:44:43.0125 3000 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:44:43.0125 3000 SCardSvr - ok
18:44:43.0171 3000 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:44:43.0171 3000 Schedule - ok
18:44:43.0234 3000 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:44:43.0234 3000 Secdrv - ok
18:44:43.0281 3000 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:44:43.0281 3000 seclogon - ok
18:44:43.0375 3000 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
18:44:43.0437 3000 senfilt - ok
18:44:43.0500 3000 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:44:43.0515 3000 SENS - ok
18:44:43.0531 3000 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:44:43.0531 3000 serenum - ok
18:44:43.0578 3000 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:44:43.0593 3000 Serial - ok
18:44:43.0625 3000 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:44:43.0625 3000 Sfloppy - ok
18:44:43.0703 3000 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:44:43.0718 3000 SharedAccess - ok
18:44:43.0781 3000 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:44:43.0781 3000 ShellHWDetection - ok
18:44:43.0796 3000 Simbad - ok
18:44:43.0890 3000 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:44:43.0968 3000 smwdm - ok
18:44:43.0984 3000 Sparrow - ok
18:44:44.0046 3000 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:44:44.0046 3000 splitter - ok
18:44:44.0125 3000 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:44:44.0125 3000 Spooler - ok
18:44:44.0140 3000 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:44:44.0156 3000 sr - ok
18:44:44.0218 3000 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:44:44.0218 3000 srservice - ok
18:44:44.0296 3000 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:44:44.0343 3000 Srv - ok
18:44:44.0437 3000 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:44:44.0437 3000 SSDPSRV - ok
18:44:44.0531 3000 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:44:44.0531 3000 stisvc - ok
18:44:44.0609 3000 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:44:44.0609 3000 swenum - ok
18:44:44.0640 3000 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:44:44.0640 3000 swmidi - ok
18:44:44.0656 3000 SwPrv - ok
18:44:44.0671 3000 symc810 - ok
18:44:44.0687 3000 symc8xx - ok
18:44:44.0703 3000 sym_hi - ok
18:44:44.0703 3000 sym_u3 - ok
18:44:44.0718 3000 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:44:44.0734 3000 sysaudio - ok
18:44:44.0765 3000 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:44:44.0765 3000 SysmonLog - ok
18:44:44.0843 3000 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:44:44.0843 3000 TapiSrv - ok
18:44:44.0937 3000 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:44:44.0968 3000 Tcpip - ok
18:44:45.0015 3000 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:44:45.0015 3000 TDPIPE - ok
18:44:45.0046 3000 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:44:45.0046 3000 TDTCP - ok
18:44:45.0078 3000 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:44:45.0078 3000 TermDD - ok
18:44:45.0156 3000 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:44:45.0156 3000 TermService - ok
18:44:45.0187 3000 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:44:45.0187 3000 Themes - ok
18:44:45.0234 3000 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:44:45.0250 3000 TlntSvr - ok
18:44:45.0265 3000 TosIde - ok
18:44:45.0296 3000 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:44:45.0296 3000 TrkWks - ok
18:44:45.0343 3000 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:44:45.0343 3000 Udfs - ok
18:44:45.0359 3000 ultra - ok
18:44:45.0453 3000 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:44:45.0468 3000 Update - ok
18:44:45.0531 3000 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:44:45.0546 3000 upnphost - ok
18:44:45.0593 3000 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:44:45.0593 3000 UPS - ok
18:44:45.0656 3000 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:44:45.0656 3000 usbccgp - ok
18:44:45.0703 3000 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:44:45.0718 3000 usbehci - ok
18:44:45.0765 3000 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:44:45.0765 3000 usbhub - ok
18:44:45.0828 3000 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:44:45.0828 3000 usbprint - ok
18:44:45.0875 3000 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:44:45.0890 3000 usbscan - ok
18:44:45.0906 3000 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:44:45.0906 3000 USBSTOR - ok
18:44:45.0953 3000 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:44:45.0953 3000 usbuhci - ok
18:44:45.0953 3000 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:44:45.0968 3000 VgaSave - ok
18:44:45.0968 3000 ViaIde - ok
18:44:46.0000 3000 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:44:46.0000 3000 VolSnap - ok
18:44:46.0062 3000 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:44:46.0078 3000 VSS - ok
18:44:46.0125 3000 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:44:46.0125 3000 W32Time - ok
18:44:46.0156 3000 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:44:46.0156 3000 Wanarp - ok
18:44:46.0171 3000 WDICA - ok
18:44:46.0187 3000 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:44:46.0203 3000 wdmaud - ok
18:44:46.0218 3000 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:44:46.0218 3000 WebClient - ok
18:44:46.0343 3000 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:44:46.0343 3000 winmgmt - ok
18:44:46.0421 3000 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:44:46.0421 3000 WmdmPmSN - ok
18:44:46.0500 3000 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:44:46.0500 3000 Wmi - ok
18:44:46.0562 3000 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:44:46.0578 3000 WmiApSrv - ok
18:44:46.0640 3000 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:44:46.0640 3000 WS2IFSL - ok
18:44:46.0718 3000 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:44:46.0718 3000 wscsvc - ok
18:44:46.0750 3000 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:44:46.0750 3000 wuauserv - ok
18:44:46.0875 3000 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:44:46.0890 3000 WZCSVC - ok
18:44:46.0937 3000 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:44:46.0937 3000 xmlprov - ok
18:44:46.0953 3000 ================ Scan global ===============================
18:44:47.0015 3000 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:44:47.0078 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:44:47.0093 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:44:47.0109 3000 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:44:47.0125 3000 [Global] - ok
18:44:47.0125 3000 ================ Scan MBR ==================================
18:44:47.0156 3000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:44:47.0343 3000 \Device\Harddisk0\DR0 - ok
18:44:47.0375 3000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:44:47.0515 3000 \Device\Harddisk1\DR1 - ok
18:44:47.0531 3000 ================ Scan VBR ==================================
18:44:47.0531 3000 [ C5FDCBAA72F8B519BBE0195F9EFC5E1E ] \Device\Harddisk0\DR0\Partition1
18:44:47.0531 3000 \Device\Harddisk0\DR0\Partition1 - ok
18:44:47.0546 3000 [ 1CBA119EFBE787A33D533C6AA9A210D9 ] \Device\Harddisk1\DR1\Partition1
18:44:47.0546 3000 \Device\Harddisk1\DR1\Partition1 - ok
18:44:47.0546 3000 ============================================================
18:44:47.0546 3000 Scan finished
18:44:47.0546 3000 ============================================================
18:44:47.0562 3828 Detected object count: 0
18:44:47.0562 3828 Actual detected object count: 0
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 18:59:33
-----------------------------
18:59:33.437 OS Version: Windows 5.1.2600 Service Pack 3
18:59:33.437 Number of processors: 1 586 0x209
18:59:33.437 ComputerName: 21ST-J9NP6C9EM2 UserName: Susan
19:00:07.515 Initialize success
19:04:36.718 AVAST engine defs: 12112000
19:04:59.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:04:59.281 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
19:04:59.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:04:59.281 Disk 1 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
19:04:59.281 Disk 0 MBR read successfully
19:04:59.281 Disk 0 MBR scan
19:04:59.531 Disk 0 Windows XP default MBR code
19:04:59.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
19:04:59.578 Disk 0 scanning sectors +78108030
19:04:59.765 Disk 0 scanning C:\WINDOWS\system32\drivers
19:05:25.765 Service scanning
19:05:57.312 Modules scanning
19:06:11.140 Disk 0 trace - called modules:
19:06:11.156 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:06:11.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b87ab8]
19:06:11.500 3 CLASSPNP.SYS[f7817fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83bccd98]
19:06:12.500 AVAST engine scan C:\WINDOWS
19:06:42.859 AVAST engine scan C:\WINDOWS\system32
19:11:15.390 AVAST engine scan C:\WINDOWS\system32\drivers
19:11:34.375 AVAST engine scan C:\Documents and Settings\Susan
19:13:32.484 AVAST engine scan C:\Documents and Settings\All Users
19:13:47.781 Scan finished successfully
19:27:40.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Susan\Desktop\MBR.dat"
19:27:40.609 The log file has been saved successfully to "C:\Documents and Settings\Susan\Desktop\aswMBR.txt"
-
Gringo,
I thought I already gave you the ComboFix report, but I don't see it. Forgive me ahead of time if I did, but here it is again.
ComboFix 12-11-16.02 - Susan 11/18/2012 4:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.515 [GMT -5:00]
Running from: c:\documents and settings\Susan\My Documents\Downloads\ComboFix.exe
AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Susan\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-09 21:18 . 2012-11-09 21:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 21:18 . 2012-11-09 21:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2003-08-13 19:34 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2003-08-13 19:30 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54 . 2012-06-20 23:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16 . 2012-10-16 22:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 17:41 . 2012-09-13 17:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 17:41 . 2012-09-13 17:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 19:12 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2003-08-13 19:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2003-08-13 19:16 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2003-08-13 19:34 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2003-08-13 19:24 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-28 00:49 . 2012-10-28 00:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/21/2010 5:00 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/21/2010 4:59 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [4/21/2010 4:59 PM 68064]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/1/2012 6:21 PM 156160]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/1/2012 6:21 PM 125440]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [4/21/2010 4:58 PM 144440]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [4/21/2010 4:59 PM 61088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 21:18]
.
2012-11-18 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-04-21 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxfire.com/
LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 04:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\centurylink online security\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
c:\program files\centurylink online security\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
c:\program files\centurylink online security\scanner-interface\fsgkiapi.dll
.
Completion time: 2012-11-18 04:49:16
ComboFix-quarantined-files.txt 2012-11-18 09:49
.
Pre-Run: 27,550,531,584 bytes free
Post-Run: 27,682,598,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(3af64aec)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
signature(3af64aec)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2E0DECB58BC4E6F1ED8CD1A84200A015
-
Gringo,
Seems to be running less choppy and more smooth.
Whichie
# AdwCleaner v2.008 - Logfile created 11/17/2012 at 20:17:07
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Susan - 21ST-J9NP6C9EM2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Susan\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.5730.13
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\prefs.js
C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\op583epk.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.aflt", "test312");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2[...]
Deleted : user_pref("extensions.funmoods.id", "000CF17B287F518D");
Deleted : user_pref("extensions.funmoods.instlDay", "15617");
Deleted : user_pref("extensions.funmoods.instlRef", "test312");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=test312&chnl=test312&[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:40:13");
-\\ Opera v [unable to get version]
File : C:\Documents and Settings\Susan\Application Data\Opera\Opera\operaprefs.ini
Deleted : Home URL=hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtB[...]
*************************
AdwCleaner[s1].txt - [3598 octets] - [17/11/2012 20:17:07]
########## EOF - C:\AdwCleaner[s1].txt - [3658 octets] ##########
RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Susan [Admin rights]
Mode : Scan -- Date : 11/17/2012 20:32:42
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : WorkForce 435(Network) (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE /FU "C:\DOCUME~1\Susan\LOCALS~1\Temp\E_S6D.tmp" /EF "HKCU") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1275210071-2000478354-839522115-1003[...]\Run : WorkForce 435(Network) (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE /FU "C:\DOCUME~1\Susan\LOCALS~1\Temp\E_S6D.tmp" /EF "HKCU") -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[47] : unknown @ 0x805B6D9D -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959CD6)
SSDT[48] : unknown @ 0x8058B9F4 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959CF0)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958E8C)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79591BC)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958BCC)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79595EE)
SSDT[192] : NtRenameKey @ 0x8065687A -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795A88C)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795943E)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958A4C)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958EC0)
SSDT[255] : NtSystemDebugControl @ 0x80651AA1 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7959042)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF79589A6)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958B06)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF7958F86)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys @ 0xF795B646)
¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\Documents and Settings\Administrator\NTUSER.DAT
-> F:\Documents and Settings\Administrator.STACE-222XA5GDP\NTUSER.DAT
-> F:\Documents and Settings\All Users\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
-> F:\Documents and Settings\LocalService\NTUSER.DAT
-> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\NetworkService\NTUSER.DAT
-> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD400BB-75DEA0 +++++
--- User ---
[MBR] cd705452dd29726df03054cfd020b84c
[bSP] c1b457bfce65e7418b875c2c6c3b54b2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Maxtor 6E040L0 +++++
--- User ---
[MBR] c1edd2475ed81019ad65a8f14f340b6f
[bSP] 445c17814d44edc98d5f1d178f570926 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 39166 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11172012_02d2032.txt >>
-
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.9.2
Run by Susan at 18:10:04 on 2012-11-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.404 [GMT -5:00]
.
AV: CenturyLink™ Online Security 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxfire.com/
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 435(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihra.exe /fu "c:\docume~1\susan\locals~1\temp\E_S6D.tmp" /EF "HKCU"
uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [bCMSMMSG] BCMSMMSG.exe
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\centurylink online security\fsps\program\FSLSP.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271891029375
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8661A947-A670-44D5-9114-4E265963FE0C} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\susan\application data\mozilla\firefox\profiles\op583epk.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:home
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\6litmus-ff.dll
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\7litmus-ff.dll
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\8litmus-ff.dll
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\9litmus-ff.dll
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-11-16 15:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\susan\application data\mozilla\firefox\profiles\op583epk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2011-08-02 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtD0C0FtCyB0BtBzzyB0FyDtCzz0DtN0D0Tzu0CtByByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=991913272&q=
FF - user.js: extensions.funmoods.id - 000CF17B287F518D
FF - user.js: extensions.funmoods.instlDay - 15617
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:40:13
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - test312
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - test312
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-4-21 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-4-21 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2010-4-21 68064]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-8-1 156160]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-8-1 125440]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2010-4-21 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2010-4-21 144440]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2010-4-21 61088]
.
=============== Created Last 30 ================
.
2012-11-09 21:18:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 21:18:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 17:41:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 17:41:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ------w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 18:11:21.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2010 7:24:30 AM
System Uptime: 11/17/2012 1:50:55 PM (5 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 25.606 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 38 GiB total, 24.142 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP407: 8/20/2012 2:48:13 PM - System Checkpoint
RP408: 8/21/2012 7:39:45 PM - System Checkpoint
RP409: 8/23/2012 10:46:06 AM - System Checkpoint
RP410: 8/26/2012 2:46:09 PM - System Checkpoint
RP411: 8/29/2012 3:10:31 PM - System Checkpoint
RP412: 8/30/2012 10:21:03 PM - System Checkpoint
RP413: 9/1/2012 12:43:22 PM - System Checkpoint
RP414: 9/2/2012 3:33:00 PM - System Checkpoint
RP415: 9/3/2012 4:50:48 PM - System Checkpoint
RP416: 9/4/2012 7:47:13 PM - System Checkpoint
RP417: 9/6/2012 1:03:57 PM - System Checkpoint
RP418: 9/7/2012 2:18:01 PM - System Checkpoint
RP419: 9/9/2012 2:50:58 PM - System Checkpoint
RP420: 9/11/2012 8:04:36 PM - System Checkpoint
RP421: 9/12/2012 1:24:53 PM - Software Distribution Service 3.0
RP422: 9/13/2012 1:41:06 PM - Installed Java 7 Update 7
RP423: 9/14/2012 3:48:44 PM - System Checkpoint
RP424: 9/16/2012 5:22:24 AM - System Checkpoint
RP425: 9/17/2012 1:10:18 PM - System Checkpoint
RP426: 9/18/2012 6:49:06 PM - System Checkpoint
RP427: 9/21/2012 6:14:26 PM - System Checkpoint
RP428: 9/21/2012 7:01:58 PM - Software Distribution Service 3.0
RP429: 9/23/2012 2:13:20 PM - System Checkpoint
RP430: 9/24/2012 2:31:12 PM - System Checkpoint
RP431: 9/25/2012 4:39:59 PM - System Checkpoint
RP432: 9/26/2012 7:33:39 PM - System Checkpoint
RP433: 9/27/2012 10:35:31 PM - System Checkpoint
RP434: 9/29/2012 11:19:52 AM - System Checkpoint
RP435: 9/30/2012 4:59:23 PM - System Checkpoint
RP436: 10/3/2012 10:21:23 AM - System Checkpoint
RP437: 10/3/2012 1:47:03 PM - Installed %1 %2.
RP438: 10/4/2012 2:03:20 PM - System Checkpoint
RP439: 10/6/2012 8:22:44 AM - System Checkpoint
RP440: 10/6/2012 5:40:37 PM - Installed Windows XP KB971314.
RP441: 10/7/2012 6:43:08 PM - System Checkpoint
RP442: 10/9/2012 3:42:32 PM - System Checkpoint
RP443: 10/10/2012 8:46:09 AM - Software Distribution Service 3.0
RP444: 10/12/2012 6:29:30 PM - System Checkpoint
RP445: 10/13/2012 8:57:31 PM - System Checkpoint
RP446: 10/16/2012 6:25:41 PM - Installed Java 7 Update 9
RP447: 10/18/2012 6:50:22 PM - System Checkpoint
RP448: 10/20/2012 11:41:28 AM - System Checkpoint
RP449: 10/21/2012 1:54:48 PM - System Checkpoint
RP450: 10/22/2012 5:09:04 PM - System Checkpoint
RP451: 10/23/2012 6:46:49 PM - System Checkpoint
RP452: 10/25/2012 1:23:12 AM - System Checkpoint
RP453: 10/26/2012 2:11:36 PM - System Checkpoint
RP454: 10/27/2012 8:53:06 PM - System Checkpoint
RP455: 11/1/2012 6:15:23 PM - System Checkpoint
RP456: 11/4/2012 1:04:59 PM - System Checkpoint
RP457: 11/5/2012 1:09:08 PM - System Checkpoint
RP458: 11/6/2012 5:37:14 PM - System Checkpoint
RP459: 11/7/2012 10:59:52 PM - System Checkpoint
RP460: 11/9/2012 8:09:48 PM - System Checkpoint
RP461: 11/10/2012 9:05:02 PM - System Checkpoint
RP462: 11/12/2012 9:47:55 AM - System Checkpoint
RP463: 11/13/2012 6:15:01 PM - System Checkpoint
RP464: 11/14/2012 9:38:14 PM - System Checkpoint
RP465: 11/16/2012 7:44:22 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 Plugin
BCM V.92 56K Modem
CenturyLink™ Online Security
Dell ResourceCD
Epson Connect
Epson Customer Participation
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 435 Series Printer Uninstall
EpsonNet Print
F-Secure PSC Prerequisites
GemMaster Mystic
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB971314)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Card Games 2004
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Java 7 Update 9
Java Auto Updater
LTCM Client
Malwarebytes Anti-Malware version 1.65.1.1000
Managed DirectX (0901)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
Pool Rebel for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows PowerShell 1.0
Windows XP Service Pack 3
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
11/11/2012 5:11:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000CF17B287F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/11/2012 3:46:10 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00:19:21:CA:97:4A. Network operations on this system may be disrupted as a result.
11/10/2012 5:49:43 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2012 11:17:47 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 11:14:47 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.54
Windows 2000 Service Pack 3 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Please wait while WMIC compiles updated MOF files.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
CenturyLink Online Security Anti-Virus fsgk32st.exe
CenturyLink Online Security Anti-Virus FSGK32.EXE
CenturyLink Online Security Anti-Virus fssm32.exe
CenturyLink Online Security Anti-Virus fsav32.exe
CenturyLink Online Security Common FSMA32.EXE
CenturyLink Online Security Common FSHDLL32.EXE
CenturyLink Online Security FWES Program fsdfwd.exe
CenturyLink Online Security Common FSM32.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
-
Gringo, help please. You helped me with Vista. So far so good, thank you, but while doing that I used the XP desktop and I might still be infected here. Let me know if you can help.
Thanks Whichie
-
Gringo,
I have been using the PC and wanted to thank you. It is running MUCH better. Thank you for the info about security; I see I have lots to read and have read a lot already. Your suggested sites are great. I did donate, so you know.
When you are ready I'd like to know if you will help with the XP desktop? It has slowed down. So do I start a new topic or continue with this correspondence?
Whichie
-
Gringo,
No, I think I may be paranoid. It's working fine, but I want to be sure and follow your last post and come back here with how it's doing. Thank you for sticking it out with me. I'll be back tomorrow with how the PC is doing.
Whichie

-
Gringo,
Can we hold up on closing this? I used the desktop today; it was working fine, better than it has in a long time or a while. Then I put it in sleep/hib and a few hours later it's unresponsive like before or between having me start over to clean it out. The monitor blinks, and the power button was not responding to shut it off. Solid green light is on. I held down the power button and counted to 30 seconds and waited a while and turned it back on. Same thing, the monitor is blinking and the green light is continuous. This time I held the power button and shut the power off completely. That is where I'm at now.
Whichie
-
Gringo,
I tried to uninstall ComboFix /Uninstall but get the msg that it can be found. When I do a search I see two of them in downloads along with several copies of prior tools used in this clean up. I guess at the beginning of this I downloaded some of the tools more than once, not knowing what I was doing. Should I just move on to clean up the rest? I'll wait to hear from you. PC is acting like its old self.

Whichie
-
Gringo,
Here is the report. It took over two hours. Pc is running ok at this point. Let me know. Thanks again.
C:\Users\holy\Downloads\registrybooster(2).exe multiple threats
C:\Users\holy\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
Whichie
-
Gringo,
While doing the Cleaner it also removed Malwarebytes. I still had the installer so I installed it again (twice). It found a problem and deleted or removed it. Here is that report. Also I had to do a restart right away. The PC seems to be doing good.

Whichie
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.09.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
holy :: HOLY-PC [administrator]
11/9/2012 6:48:15 PM
mbam-log-2012-11-09 (18-48-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233386
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\holy\Downloads\7zip_installer_d162802.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:51 PM, on 11/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\holy\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\EMBARQ Online Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\EMBARQ Online Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5448 bytes
-
Gringo,
The pc is running a little slow. Here is the Combofix report in safe mode.
Whichie
ComboFix 12-11-06.03 - holy 11/09/2012 16:31:22.2.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.895.491 [GMT -5:00]
Running from: c:\users\holy\Downloads\ComboFix.exe
FW: CenturyLink™ Online Security 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 21:41 . 2012-11-09 21:41 -------- d-----w- c:\users\holy\AppData\Local\temp
2012-11-09 21:41 . 2012-11-09 21:41 -------- d-----w- c:\users\REP\AppData\Local\temp
2012-11-09 21:41 . 2012-11-09 21:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-09 21:41 . 2012-11-09 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 14:08 . 2012-11-08 14:08 -------- d-----w- c:\users\holy\AppData\Roaming\Foxit Software
2012-11-06 22:58 . 2012-11-06 22:58 -------- d-----w- c:\program files\7-zip
2012-11-06 19:38 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CFC374A-CDE6-462D-B34E-EE12C270AD75}\mpengine.dll
2012-11-05 00:20 . 2012-11-07 20:05 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-11-04 20:49 . 2012-11-05 00:25 36792 ----a-w- c:\windows\system32\drivers\fses.sys
2012-11-04 20:49 . 2012-11-05 00:26 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-10-24 21:28 . 2012-10-24 21:28 -------- d-----w- c:\program files\CCleaner
2012-10-24 15:29 . 2012-10-24 15:29 -------- d-----w- c:\program files\Common Files\Java
2012-10-24 15:28 . 2012-10-24 15:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-24 15:02 . 2012-10-24 15:02 -------- d-----w- c:\program files\Foxit Software
2012-10-24 14:09 . 2012-10-24 14:09 -------- d-----w- c:\program files\VS Revo Group
2012-10-19 01:01 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-19 01:01 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-19 01:01 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-19 01:00 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-19 00:59 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-19 00:56 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-19 00:56 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 15:27 . 2010-08-31 15:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 18:22 . 2012-09-13 18:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-03-04 00:14 . 2012-03-04 00:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\EMBARQ Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-17 18:29]
.
2012-11-08 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\EMBARQ~1\ANTI-V~1\fsav.exe [2012-11-04 15:56]
.
2012-11-08 c:\windows\Tasks\User_Feed_Synchronization-{9887A036-951C-4FB4-BBAF-AB8E7A936267}.job
- c:\windows\system32\msfeedssync.exe [2012-10-26 19:31]
.
2012-11-08 c:\windows\Tasks\User_Feed_Synchronization-{DF92EA2C-A000-4A47-8DDC-B538EB8648F5}.job
- c:\windows\system32\msfeedssync.exe [2012-10-26 19:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\EMBARQ Online Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\holy\AppData\Roaming\Mozilla\Firefox\Profiles\tujcccj1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 16:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-09 16:44:35
ComboFix-quarantined-files.txt 2012-11-09 21:44
ComboFix2.txt 2012-11-07 21:18
ComboFix3.txt 2012-10-23 18:06
ComboFix4.txt 2012-10-21 22:54
.
Pre-Run: 47,268,728,832 bytes free
Post-Run: 47,391,625,216 bytes free
.
- - End Of File - - 803284800B4393B207C2C57DB4DA9A25
-
Gringo,
I was able to run Combofix in safe mode. I did save the report but you didn't ask for it. When I tried to open my browser or anything I'm getting the error message: illegal operation attempted on a registry key that has been marked for deletion. You have the option to hit ok. If you want that report I can attempt to get it to this PC.

Whichie
-
Yes, I'm in safe mode. I turned off the PC yesterday and on power up it came up with that option so I'm in safe mode.
Whichie
-
Gringo,
I turned on my desktop to do the Combofix and I'm logged in but only have the blue screen of death. I'm just gonna wait for a while to see if you have any ideas.
It was running better.
Whichie
apparently malware maybe from game site?
in Resolved Malware Removal Logs
Posted
Please close this. I'll manage without any help from here.
whichie