LaLuz

After running fixdamage, rkill, and TDSSKiller I finally got ComboFix to run and produce a report. Here are all the reports: Rkill 2.4.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html Program started at: 11/29/2012 11:10:40 PM in x86 mode. Windows Version: Microsoft Windows XP Service Pack 3 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\WINDOWS\system32\nvsvc32.exe (PID: 1212) [WD-HEUR] * C:\WINDOWS\RTHDCPL.EXE (PID: 2716) [WD-HEUR] 2 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath] Searching for Missing Digital Signatures: * C:\WINDOWS\System32\drivers\DMusic.sys [NoSig] +-> C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys : 52,864 : 08/03/2004 11:07 PM : a6f881284ac1150e37d9ae47ff601267 [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\dmusic.sys : 52,864 : 04/13/2008 00:45 AM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl] * C:\WINDOWS\System32\drivers\drmkaud.sys [NoSig] +-> C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys : 2,944 : 08/03/2004 11:07 PM : 1ed4dbbae9f5d558dbba4cc450e3eb2e [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys : 2,944 : 04/13/2008 00:45 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl] * C:\WINDOWS\System32\drivers\swmidi.sys [NoSig] +-> C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys : 54,272 : 08/17/2001 02:00 PM : 94abc808fc4b6d7d2bbf42b85e25bb4d [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\swmidi.sys : 56,576 : 04/13/2008 00:45 AM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl] * C:\WINDOWS\System32\drivers\sysaudio.sys [NoSig] +-> C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys : 60,800 : 08/03/2004 11:15 PM : 650ad082d46bac0e64c9c0e0928492fd [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys : 60,800 : 04/13/2008 00:15 AM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl] Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 11/29/2012 11:11:30 PM Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s) I'm still not able to connect to the internet. When I click on the Icon, the internet screen shows up and then it dissapears. The TDSSKiller and ComboFix logs are attached. ComboFix.txt TDSSKiller.2.8.15.0_29.11.2012_23.28.50_log.txt

I'm going to try that now. ComboFix.txt is not anywhere, I looked in that Qoobox folder that you've said and it's not there either. I even did a complete search and it did not find it. I'm don't think that ComboFix is working for me, like I said before, when It runs it reboots twice. The first time it says that it has found a rootkit.ZeroAccess virus, then another screen comes up saying that the rootkit has been detected and that it needs to reboot. When it comes back it continues running thru all 50 stages, then it says "deleting files", and then it reboots again. I'm still not able to access the internet after flushing the DNS with ipconfig. I appreciate your help with this. Please don't give up on me :-(

Ok, I will go home and look. Is there anything else that I can do for now? I'm not going to be able to reply until tomorrow :-(

I cannot locate the ComboFix.txt file any where. It's not on my desktop or on my C drive. When I try to connect to the internet, the screen comes up like for about 3 seconds and then it dissapears.

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Mom [Admin rights] Mode : Scan -- Date : 11/27/2012 16:35:27 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] RTHDCPL.exe -- C:\WINDOWS\RTHDCPL.exe -> KILLED [TermProc] [][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : NvTaskbarInit -> KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][NOTFOUND] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND [RUN][NOTFOUND] HKLM\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) -> FOUND [RUN][sUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\Mom\Desktop\mbar\mbar.exe /cleanup /s) -> FOUND [TASK][sUSP PATH] McAfee Cleanup.job : C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe -p mpfpcu,mpfp,mps,shred,mpscu,mskcu,msk,emproxy,mas,fwdriver,hw,mbk,mcproxy,mhn,mqccu,mqc,shrd,nmc,redir,mna,mwl,msad,mobk,vs,msc,mcpr,mcsvchost -log "C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp" -w "C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp" -s -uipipe McAfeeCleanu -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-842925246-1364589140-725345543-1006UA.job : C:\Documents and Settings\Jesika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-842925246-1364589140-725345543-1006Core.job : C:\Documents and Settings\Jesika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB9887C4C) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB9887D3C) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3300620A +++++ --- User --- [MBR] 79df028273a97584cfb60176d9b2ee54 [bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo 1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_S_11272012_02d1635.txt >> RKreport[1]_S_11222012_02d0149.txt ; RKreport[2]_S_11272012_02d1635.txt and the FSS.txt: Farbar Service Scanner Version: 09-11-2012 Ran by Mom (administrator) on 27-11-2012 at 16:45:13 Running from "E:\Troubleshooting\Bleeping" Microsoft Windows XP Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= fssfltr(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 0x0B0000000500000001000000020000000300000004000000080000000600000007000000090000000A0000000B000000 IpSec Tag value is correct. **** End of log **** ComboFix is still not producing a report. After running all the stages I've notice that it says: 'deleting files", then the screen goes blank and it disappears. There is not a report on my desktop.

I run it twice like you said, and here are both reports. (the system log was too long to post, so i've send it as an attachment): Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.03.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Mom :: KOHLBECKS [administrator] 11/26/2012 11:18:42 AM mbar-log-2012-11-26 (11-18-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 25553 Time elapsed: 11 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [1ae79400213c8da9bb4c74a218ecc53b] HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [61a0088c253858dee91fcb4b6b996e92] HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [c73ac5cff36a9d99e12833e3f2125da3] Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.26.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Mom :: KOHLBECKS [administrator] 11/26/2012 11:41:10 AM mbar-log-2012-11-26 (11-41-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 25571 Time elapsed: 11 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- system-log.txt

I did run combofix several times, but I'm not sure if it worked. I was not able to find any log to send you. I thought I had already deleted Microsoft Security Console, but When I run combofix it gives me a message saying that it is still there. I select to continue, then it says that it has found Rootkit.ZeroAccess and and it attemps to delete it. Another box comes up that says: "Rootkit detected", then after it reboots, it runs through all 50 stages, it reboots again at the end, but there is not a report on my desktop.

I'm sorry for the delay of my response. I don't have internet access, so I've been going back and forth to the library to use their pc. I have not been able to disable Security Essentials, the program is there but it's not working and It doesn't allow me to do anything. I couldn't uninstalled either :-(

oh, I did. I'm sorry I forgot to send you the log :-( RogueKiller V8.3.1 [Nov 20 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Mom [Admin rights] Mode : Scan -- Date : 11/20/2012 21:55:01 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] RTHDCPL.exe -- C:\WINDOWS\RTHDCPL.exe -> KILLED [TermProc] [][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : NvTaskbarInit -> KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][NOTFOUND] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND [RUN][NOTFOUND] HKLM\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) -> FOUND [TASK][sUSP PATH] McAfee Cleanup.job : C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe -p mpfpcu,mpfp,mps,shred,mpscu,mskcu,msk,emproxy,mas,fwdriver,hw,mbk,mcproxy,mhn,mqccu,mqc,shrd,nmc,redir,mna,mwl,msad,mobk,vs,msc,mcpr,mcsvchost -log "C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp" -w "C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp" -s -uipipe McAfeeCleanu -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-842925246-1364589140-725345543-1006UA.job : C:\Documents and Settings\Jesika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-842925246-1364589140-725345543-1006Core.job : C:\Documents and Settings\Jesika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3300620A +++++ --- User --- [MBR] 79df028273a97584cfb60176d9b2ee54 [bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo 1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11202012_02d2155.txt >> RKreport[1]_S_11202012_02d2155.txt

Unhide by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Unhide.exe can be found at this link: http://www.bleepingc...opic405109.html Program started at: 11/20/2012 09:42:25 PM Windows Version: Windows XP Please be patient while your files are made visible again. Processing the A:\ drive Finished processing the A:\ drive. 0 files processed. Processing the C:\ drive Finished processing the C:\ drive. 86207 files processed. Processing the D:\ drive Finished processing the D:\ drive. 0 files processed. Processing the E:\ drive Finished processing the E:\ drive. 54 files processed. The C:\DOCUME~1\Mom\LOCALS~1\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingc...opic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer * NoActiveDesktopChanges policy was found and deleted! - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Restarting Explorer.exe in order to apply changes. Program finished at: 11/20/2012 09:48:28 PM Execution time: 0 hours(s), 6 minute(s), and 3 seconds(s) and here is the Quarentine report: Time : 20/11/2012 21:55:01 -------------------------- [RTHDCPL.exe.vir] -> C:\WINDOWS\RTHDCPL.exe ERROR [NvStartup.vir] -> NvStartup ERROR [NvTaskbarInit.vir] -> NvTaskbarInit ERROR [mccleanup.exe.vir] -> C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe ERROR [MCPR.tmp.vir] -> C:\DOCUME~1\LUCYW~1\LOCALS~1\Temp\MCPR.tmp ERROR [NvTaskbarInit.vir] -> NvTaskbarInit Please tell me how to proceed. Thank you :-)

I'm still having problems after removing the Security Protection virus from my PC. I can not access the internet, a lot of my Windows help and other software files are missing. I don't have the installation CD or the product key. Please help me. This is the DDS.TXT log: DDS (Ver_2012-11-07.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Mom at 14:20:50 on 2012-11-20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.512 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Lexmark 2400 Series\lxcrmon.exe C:\Program Files\Lexmark 2400 Series\ezprint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore mSearchAssistant = hxxp://www.google.com/ie BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - BHO: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - <orphaned> BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe" mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe" mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16 mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [ActiveSpeed] c:\program files\ascentive\activespeed\AS.exe -b mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [NPSStartup] <no file> dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349584314234 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353303973093 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9} : DHCPNameServer = 192.168.2.1 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-24 54760] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-11-8 238952] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-17 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-17 676936] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-11-8 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-17 22856] S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 USB_RNDIS_51;USB Remote NDIS Y Network Device Driver;c:\windows\system32\drivers\usb8023.sys [2006-2-28 12800] . =============== Created Last 30 ================ . 2012-11-20 00:36:44 -------- d-----w- c:\documents and settings\mom\local settings\application data\PCHealth 2012-11-19 01:02:33 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-11-18 08:27:26 -------- d--h--w- c:\windows\PIF 2012-11-18 08:27:26 -------- d-----w- C:\Inetpub 2012-11-17 22:35:53 -------- d-----w- c:\documents and settings\mom\application data\Malwarebytes 2012-11-17 22:34:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-11-17 22:34:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-17 22:34:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-15 17:47:53 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-15 08:32:15 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro 2012-11-15 08:26:16 -------- d-----w- c:\documents and settings\mom\application data\Babylon 2012-11-15 08:26:16 -------- d-----w- c:\documents and settings\all users\application data\Babylon 2012-11-15 08:23:04 -------- d-----w- c:\documents and settings\mom\application data\FCTB000100567 2012-11-14 17:39:17 -------- d-----w- c:\documents and settings\all users\application data\90A8C4FBA62688B4000090A834578CCF 2012-11-14 17:38:21 59904 ---ha-w- c:\windows\system32\cmmovaws.dll 2012-11-14 16:48:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{283ae813-6f90-47f6-a9ee-6c1ce2e6a842}\offreg.dll 2012-11-14 16:39:51 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{283ae813-6f90-47f6-a9ee-6c1ce2e6a842}\mpengine.dll 2012-11-08 19:44:47 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys 2012-11-08 19:44:47 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe 2012-11-08 19:44:47 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll 2012-11-08 19:44:22 -------- d-----w- c:\documents and settings\mom\application data\Samsung 2012-11-08 19:43:46 -------- d-----w- c:\program files\MarkAny 2012-11-08 19:34:06 -------- d-----w- c:\documents and settings\mom\local settings\application data\Downloaded Installations 2012-11-08 19:24:09 -------- d-----w- c:\program files\SAMSUNG 2012-11-08 19:23:50 -------- d-----w- c:\documents and settings\all users\application data\Samsung . ==================== Find3M ==================== . 2012-11-15 17:49:22 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll . ============= FINISH: 14:25:24.92 =============== and this is the attach.txt log: DDS (Ver_2012-11-07.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 6/10/2007 11:56:43 AM System Uptime: 11/19/2012 6:26:08 PM (20 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | M61VME-S2 Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket M2 | 2210/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 279 GiB total, 261.135 GiB free. E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483550333233375732204C202020202020 Manufacturer: (Standard CD-ROM drives) Name: PIONEER DVD-RW DVR-111D PNP Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483550333233375732204C202020202020 Service: cdrom . Class GUID: Description: Device ID: ROOT\LEGACY_SASKUTIL\0000 Manufacturer: Name: PNP Device ID: ROOT\LEGACY_SASKUTIL\0000 Service: . ==== System Restore Points =================== . RP576: 8/22/2012 7:05:29 PM - System Checkpoint RP577: 8/23/2012 7:25:00 PM - System Checkpoint RP578: 8/24/2012 8:16:55 PM - System Checkpoint RP579: 8/26/2012 2:23:37 PM - System Checkpoint RP580: 8/27/2012 3:06:47 PM - System Checkpoint RP581: 8/28/2012 3:47:45 PM - System Checkpoint RP582: 8/29/2012 5:03:38 PM - System Checkpoint RP583: 8/30/2012 5:28:14 PM - System Checkpoint RP584: 8/31/2012 8:57:06 PM - System Checkpoint RP585: 9/2/2012 11:43:59 AM - System Checkpoint RP586: 9/3/2012 1:24:44 PM - System Checkpoint RP587: 9/4/2012 2:36:12 PM - System Checkpoint RP588: 9/5/2012 4:35:46 PM - System Checkpoint RP589: 9/6/2012 5:38:48 PM - System Checkpoint RP590: 9/8/2012 3:36:44 PM - System Checkpoint RP591: 9/9/2012 5:56:29 PM - System Checkpoint RP592: 9/11/2012 3:20:45 PM - System Checkpoint RP593: 9/12/2012 3:46:55 PM - System Checkpoint RP594: 9/13/2012 4:10:22 PM - System Checkpoint RP595: 9/14/2012 5:35:25 PM - System Checkpoint RP596: 9/15/2012 6:16:16 PM - System Checkpoint RP597: 9/16/2012 8:02:14 PM - System Checkpoint RP598: 9/18/2012 3:06:42 PM - System Checkpoint RP599: 9/19/2012 3:34:55 PM - System Checkpoint RP600: 9/20/2012 4:22:42 PM - System Checkpoint RP601: 9/21/2012 4:37:17 PM - System Checkpoint RP602: 9/22/2012 4:38:29 PM - System Checkpoint RP603: 9/23/2012 8:05:33 PM - System Checkpoint RP604: 9/24/2012 9:23:44 PM - System Checkpoint RP605: 9/25/2012 9:27:52 PM - System Checkpoint RP606: 9/26/2012 9:28:49 PM - System Checkpoint RP607: 9/27/2012 10:43:47 PM - System Checkpoint RP608: 9/28/2012 10:51:01 PM - System Checkpoint RP609: 9/30/2012 10:18:45 AM - System Checkpoint RP610: 10/1/2012 11:21:23 AM - System Checkpoint RP611: 10/2/2012 3:40:56 PM - System Checkpoint RP612: 10/3/2012 6:36:14 PM - System Checkpoint RP613: 10/5/2012 10:47:15 AM - System Checkpoint RP614: 10/6/2012 9:57:51 PM - Software Distribution Service 3.0 RP615: 10/6/2012 10:46:02 PM - Software Distribution Service 3.0 RP616: 10/7/2012 12:53:24 AM - Software Distribution Service 3.0 RP617: 10/8/2012 11:34:07 AM - Software Distribution Service 3.0 RP618: 10/9/2012 1:27:09 PM - System Checkpoint RP619: 10/10/2012 11:10:30 AM - Software Distribution Service 3.0 RP620: 10/10/2012 6:37:04 PM - Software Distribution Service 3.0 RP621: 10/12/2012 12:14:39 PM - Software Distribution Service 3.0 RP622: 10/13/2012 12:41:35 PM - System Checkpoint RP623: 10/14/2012 6:46:51 AM - Software Distribution Service 3.0 RP624: 10/14/2012 11:08:46 PM - Removed Bing Bar RP625: 10/15/2012 9:00:04 AM - Software Distribution Service 3.0 RP626: 10/16/2012 9:31:03 AM - System Checkpoint RP627: 10/16/2012 11:48:47 AM - Software Distribution Service 3.0 RP628: 10/17/2012 12:27:13 PM - System Checkpoint RP629: 10/17/2012 9:11:36 PM - Software Distribution Service 3.0 RP630: 10/19/2012 9:36:04 AM - Software Distribution Service 3.0 RP631: 10/20/2012 10:04:41 AM - Software Distribution Service 3.0 RP632: 10/21/2012 5:00:43 PM - Software Distribution Service 3.0 RP633: 10/22/2012 8:11:16 PM - System Checkpoint RP634: 10/23/2012 6:50:23 AM - Software Distribution Service 3.0 RP635: 10/24/2012 9:53:39 AM - Software Distribution Service 3.0 RP636: 10/25/2012 10:45:38 AM - System Checkpoint RP637: 10/25/2012 3:34:38 PM - Software Distribution Service 3.0 RP638: 10/26/2012 4:31:01 PM - Software Distribution Service 3.0 RP639: 10/27/2012 5:22:38 PM - System Checkpoint RP640: 10/28/2012 12:04:37 PM - Software Distribution Service 3.0 RP641: 10/29/2012 12:11:45 PM - Software Distribution Service 3.0 RP642: 10/30/2012 2:08:03 PM - Software Distribution Service 3.0 RP643: 10/31/2012 3:24:06 PM - System Checkpoint RP644: 11/1/2012 8:57:24 AM - Software Distribution Service 3.0 RP645: 11/2/2012 8:57:49 AM - System Checkpoint RP646: 11/3/2012 8:44:58 AM - Software Distribution Service 3.0 RP647: 11/4/2012 8:49:07 AM - Software Distribution Service 3.0 RP648: 11/5/2012 4:10:51 PM - Software Distribution Service 3.0 RP649: 11/6/2012 4:19:21 PM - System Checkpoint RP650: 11/7/2012 8:20:27 AM - Software Distribution Service 3.0 RP651: 11/8/2012 10:15:54 AM - Software Distribution Service 3.0 RP652: 11/8/2012 11:40:29 AM - Installed Samsung New PC Studio RP653: 11/9/2012 2:11:52 PM - Software Distribution Service 3.0 RP654: 11/10/2012 3:08:56 PM - System Checkpoint RP655: 11/11/2012 11:17:41 AM - Software Distribution Service 3.0 RP656: 11/12/2012 12:49:55 PM - System Checkpoint RP657: 11/12/2012 6:53:33 PM - Software Distribution Service 3.0 RP658: 11/13/2012 7:43:54 PM - System Checkpoint RP659: 11/14/2012 8:39:46 AM - Software Distribution Service 3.0 RP660: 11/18/2012 12:22:42 AM - Restore Operation RP661: 11/18/2012 12:28:50 AM - Restore Operation RP662: 11/18/2012 4:39:03 PM - Malwarebytes Anti-Rootkit Restore Point RP663: 11/19/2012 3:26:02 PM - Software Distribution Service 3.0 RP664: 11/20/2012 8:00:14 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Control Center for KODAK Webcams EPSON Status Monitor 2 Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) HP Deskjet 1000 J110 series Basic Device Software HP Deskjet 1000 J110 series Help HP Deskjet 1000 J110 series Product Improvement Study Itibiti RTC Java Auto Updater Java™ 6 Update 2 Java™ 6 Update 22 Java™ 6 Update 26 Java™ 6 Update 3 Java™ 6 Update 4 Java™ 6 Update 5 Java™ 6 Update 7 Junk Mail filter update Lexmark 2400 Series Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Antimalware Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OpenOffice.org 3.3 Realtek High Definition Audio Driver Samsung New PC Studio SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Segoe UI Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell™ 1.0 Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 11/20/2012 3:30:43 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001A4D64E23B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 11/19/2012 3:28:02 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450). 11/18/2012 12:29:55 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 11/16/2012 4:39:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 11/16/2012 4:39:43 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown. 11/16/2012 4:39:43 AM, error: Service Control Manager [7003] - The Telnet service depends on the following nonexistent service: NTLMSSP 11/16/2012 4:39:43 AM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started. 11/16/2012 4:38:13 AM, error: NetDDE [204] - Attempt to determine the number of Lanas failed. 11/16/2012 4:38:13 AM, error: NetDDE [12] - Initialization of "NDDENB32" DLL failed 11/16/2012 4:37:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/16/2012 12:54:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/15/2012 12:24:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 11/15/2012 10:37:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips MpFilter SBRE 11/15/2012 1:01:35 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. . ==== End Of File ===========================

I still cannot access the internet after removing Security Protection virus using Malwarebytes Anti-Malware. I've followed all the steps, including running the TDSSKiller, RKill, and MBam. I can't access the Windows Help files either. I use Windows XP SPF 3. I don't have the original XP CD, and I also don't know the key number. Pleaseeeeeee help.