Jump to content

lalaland5000

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

 Content Type 

Everything posted by lalaland5000

  1. lalaland5000
    Ok - I've tested the machine for the past few days, and it seems like everything is back to normal. Thank you again for all your help, Kevin -- it's much appreciated!
  2. lalaland5000
    It seems pretty stable right now, but I haven't had much of a chance to really test it yet. I'll have time in the next day or two, and will report back. In the meantime, many thanks again for your help!
  3. lalaland5000
    The OTM results log: All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. C:\Documents and Settings\Wan\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Wan\Desktop\cmd.txt deleted successfully. C:\WINDOWS\system32\tgghskowsg.exe moved successfully. D:\software\unlocker1.9.0.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56475 bytes User: Wan ->Temp folder emptied: 5439191 bytes ->Temporary Internet Files folder emptied: 29124498 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 119906948 bytes ->Google Chrome cache emptied: 221523976 bytes ->Flash cache emptied: 1161048 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes ->Flash cache emptied: 434 bytes User: NetworkService ->Temp folder emptied: 1548902 bytes ->Temporary Internet Files folder emptied: 65670 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1701642 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 363.00 mb Restore point Set: OTM Restore Point OTM by OldTimer - Version 3.1.21.0 log created on 11272012_200926 Files moved on Reboot... File C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-6B-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.lock not found! C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully. Registry entries deleted on Reboot... DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Wan at 20:18:01 on 2012-11-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1969 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Tablet\Pen\Pen_TouchService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cobian Backup 11\cbVSCService11.exe C:\Program Files\EZ-Backup\EZ-Backup Manager\EzBackup.exe C:\WINDOWS\system32\HPSIsvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\notepad.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTraffic Monitor\iTrafficMon.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\WINDOWS\System32\M-AudioTaskBarIcon.exe C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Launchy\Launchy.exe C:\Documents and Settings\Wan\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/webhp?client=aff-ime BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: <No Name>: {FFFFFEF0-5B30-21D4-945D-000000000000} - c:\program files\star downloader\SDIEInt.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [EzBackup Manager] c:\program files\ez-backup\ez-backup manager\ezbackupmanager.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [iTraffic Monitor] c:\program files\itraffic monitor\iTrafficMon.exe mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe" mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Ai Quicker Help] "c:\program files\asus\asus dh remote\AsRc.exe" mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\Wan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\Wan\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: &Clean Traces - <no file> IE: &Download with &DAP - <no file> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Download &all with DAP - <no file> IE: Download all with Free Download Manager - <no file> IE: Download selected with Free Download Manager - <no file> IE: Download video with Free Download Manager - <no file> IE: Download with Free Download Manager - <no file> IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346049785546 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab TCP: NameServer = 192.168.5.1 TCP: Interfaces\{26C26DE0-0E91-4DB6-AF5E-A239E12A4315} : DHCPNameServer = 192.168.5.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\Wan\application data\mozilla\firefox\profiles\yfswzluq.default\ FF - prefs.js: browser.startup.homepage - about:home . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552] R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-11-3 67584] R2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\ez-backup\ez-backup manager\EzBackup.exe [2010-5-30 1124352] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-8-28 99896] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-12 12184] R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-5 5554552] R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-5 451960] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-9-11 103040] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-5 10752] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-30 1691480] S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-12-2 20328] S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184] S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-8-28 17408] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2012-3-18 176128] S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-7-13 98672] S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-7-13 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-7-13 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-7-13 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-7-13 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-7-13 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-7-13 123504] S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-7-13 155344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . FileExt: .txt: txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1" FileExt: .ini: Ini File=notepad.exe %1 . =============== Created Last 30 ================ . 2012-11-28 04:09:26 -------- d-----w- C:\_OTM 2012-11-27 06:09:50 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\offreg.dll 2012-11-27 00:34:08 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\mpengine.dll 2012-11-26 16:32:43 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-11-26 06:19:05 -------- d-----w- c:\program files\ESET 2012-11-26 00:37:02 -------- d-sha-r- C:\cmdcons 2012-11-26 00:35:24 98816 ----a-w- c:\windows\sed.exe 2012-11-26 00:35:24 256000 ----a-w- c:\windows\PEV.exe 2012-11-26 00:35:24 208896 ----a-w- c:\windows\MBR.exe 2012-11-24 23:12:42 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-11-24 22:53:56 1863682 ----a-w- C:\MGtools.exe 2012-11-24 19:44:49 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat 2012-11-24 19:44:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-24 18:55:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-11-24 18:55:25 -------- d-----w- c:\program files\TGF Interactive 2012-11-24 02:31:14 -------- d-----w- c:\documents and settings\Wan\local settings\application data\TX16Wx 2012-11-24 02:30:36 -------- d-----w- c:\program files\TX16Wx Software Sampler 2012-11-05 05:22:03 -------- d-----w- c:\documents and settings\Wan\application data\MetroTwit 2012-11-05 05:21:27 -------- d-----w- c:\documents and settings\Wan\local settings\application data\Deployment 2012-11-05 05:13:50 -------- d-----w- c:\documents and settings\Wan\application data\Jane 2012-11-03 20:00:58 -------- d-----w- c:\program files\Cobian Backup 11 . ==================== Find3M ==================== . 2012-11-25 04:25:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-25 04:25:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-17 08:00:07 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-09-17 08:00:06 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-09-01 20:20:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 20:20:31 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ============= FINISH: 20:18:26.56 =============== ATTACH.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/30/2010 11:08:47 AM System Uptime: 11/27/2012 8:11:11 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe Processor: Intel® Core2 CPU 6600 @ 2.40GHz | LGA 775 | 2404/266mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 50 GiB total, 4.521 GiB free. D: is FIXED (NTFS) - 546 GiB total, 65.481 GiB free. E: is Removable F: is Removable H: is Removable J: is FIXED (NTFS) - 932 GiB total, 65.963 GiB free. V: is CDROM () W: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter #2 PNP Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7 Service: RTLWUSB . ==== System Restore Points =================== . RP920: 11/19/2012 11:07:21 PM - Software Distribution Service 3.0 RP921: 11/21/2012 12:18:15 AM - System Checkpoint RP922: 11/21/2012 8:14:35 PM - Software Distribution Service 3.0 RP923: 11/22/2012 9:20:30 PM - System Checkpoint RP924: 11/23/2012 6:31:08 AM - Software Distribution Service 3.0 RP925: 11/23/2012 6:30:35 PM - Installed TX16Wx Software Sampler 2 (x86) RP926: 11/24/2012 10:49:16 AM - Software Distribution Service 3.0 RP927: 11/24/2012 11:07:09 AM - Revo Uninstaller's restore point - Genius Box RP928: 11/24/2012 11:07:40 AM - Removed Genius Box RP929: 11/24/2012 11:35:27 AM - Installed Java 7 Update 9 RP930: 11/25/2012 12:33:20 PM - System Checkpoint RP931: 11/26/2012 8:32:41 AM - Software Distribution Service 3.0 RP932: 11/26/2012 4:34:07 PM - Software Distribution Service 3.0 RP933: 11/27/2012 8:09:56 PM - OTM Restore Point . ==== Installed Programs ====================== . ??????? 2.6 µTorrent Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Audition 1.5 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Creative Suite 4 Master Collection Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Photoshop Elements 6.0 Adobe Premiere Pro CS4 Third Party Content Adobe Reader X (10.1.4) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Album Art Downloader XUI 0.44 Amazon MP3 Downloader 1.0.15 AMD Catalyst Install Manager Anki AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL ASUS DH Remote Audacity 1.3.12 (Unicode) Avidemux 2.5 (32-bit) Bamboo Belarc Advisor 8.1 Bonjour Cantabile 2.0 Lite Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CDBurnerXP CDisplayEx 1.8 CKRename ClearType Tuning Control Panel Applet Cobian Backup 11 Gravity Collab Connect Corel WinDVD 9 CPUID CPU-Z 1.59 daHornet Version 1.34 DarkWave Studio 3.7.8 Data Lifeguard Diagnostic for Windows 1.21 Debugging Tools for Windows (x86) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Defraggler Delta discoDSP HighLife v1.4 Dropbox DSP/FX v6.2a Duplicate Cleaner 2.1b DVD43 v4.6.0 eReg ESET Online Scanner v3 Exact Audio Copy 0.99pb5 EyeDefender 1.08 EZ-Backup Manager FileZilla Client 3.5.3 FL Studio 8 FLAC 1.2.1b (remove only) foobar2000 v1.1.13 FreeFileSync v3.8 GEAR driver installer for x86 and x64 GetDiz GetDiz 4.5 Google Chrome Google Earth Plug-in Google Talk Plugin Google Update Helper HammerHead Rhythm Station Handbrake 0.9.4 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Deskjet 3050 J610 series Basic Device Software HP Deskjet 3050 J610 series Help HP LaserJet Professional P1100-P1560-P1600 Series IL Download Manager Image Resizer Powertoy for Windows XP Imgur Uploader inSSIDer IsoBuster 2.8 iTraffic Monitor v1.0 iTunes Java 7 Update 9 Java Auto Updater JavaFX 2.1.0 JMicron JMB36X Driver Just Great Software EditPad Lite 6.6.3 KeePass Password Safe 2.20.1 kuler LameXP Launchy 2.5 Live 8.1 Logitech SetPoint 6.32 Malwarebytes Anti-Malware version 1.65.1.1000 Marvell Miniport Driver microKORG SoundEditor Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 7.1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 14 Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Windows SDK for Windows 7 (7.1) MiniTool Power Data Recovery Miro Mozilla Firefox 17.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 12.0.1 (x86 en-US) Mp3tag v2.51 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultiPar version 1.2.0.5 MusicBee 2.0 MyPhoneExplorer Native Instruments Controller Editor Native Instruments Guitar Rig 5 Native Instruments Guitar Rig Mobile I/O Native Instruments Guitar Rig Session I/O Native Instruments Kontakt 4 Native Instruments Kontakt Factory Selection Native Instruments Rig Kontrol 3 Native Instruments Service Center NetSpeedMonitor 2.5.4.0 x86 Network Stumbler 0.4.0 (remove only) NexusFont 2.5 (ver 2.5.7.1562) Octoshape add-in for Adobe Flash Player PC Probe II PC Wizard 2010.1.96 PDF Settings CS4 PDFCreator PdfMerge Pegtop PMeter Photoshop Camera Raw Picasa 3 PicPick Pixel Bender Toolkit PoiZone Poladroid PowerISO Quicken 2011 QuickPar 0.9 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 REAPER ReBirth RB-338 2.0 Recuva Revo Uninstaller 1.94 rgc:audio sfz VSTi v1.96 rgc:audio sfz+ VSTi v1.01 SABnzbd 0.6.15 SeaTools for Windows Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) sfArk shortcircuit Shred 1.06 Skype Toolbars Skype™ 5.10 Sony Ericsson PC Companion 2.01.210 Speccy SpeedFan (remove only) Spotify Spybot - Search & Destroy Star Downloader Free Studio Devil BVC 1.2 Studio Units version 1.1.2 Suite Shared Configuration CS4 SyncToy 2.1 (x86) TagScanner 5.1.612 Toxic Biohazard TreeComp 4.0 b14 TreeSize Free V2.7 TubeOhm Alpha-Ray TurboTax 2010 TurboTax 2010 wcaiper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 wcaiper TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Tweak UI TweetDeck TX16Wx Software Sampler 2 (x86) Unlocker 1.9.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB982632) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB980182) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 2.0.4 WD Align - Powered by Acronis WebFldrs XP WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape Plugin Winamp Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 WinPcap 4.1.2 WinRAR archiver Wireshark 1.6.4 Wunderlist XnView 1.99 Yahoo Message Archive Decoder 4.5 Yahoo! Detect Zen 1.6.6 Zune Desktop Theme . ==== Event Viewer Messages From Past Week ======== . 11/27/2012 9:21:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TouchServicePen service. 11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NIHardwareService service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Cobian Backup 11 Volume Shadow Copy Requester service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s). 11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The HP SI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/25/2012 6:08:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.373.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800704c7 Error description: The operation was canceled by the user. 11/25/2012 4:43:55 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal. 11/25/2012 4:40:09 PM, error: Service Control Manager [7034] - The EZ-Backup Manager service terminated unexpectedly. It has done this 1 time(s). 11/24/2012 3:57:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/24/2012 3:12:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/24/2012 3:09:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt Fips intelppm Lbd MpFilter SCDEmu 11/24/2012 3:08:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/24/2012 11:59:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 11/24/2012 11:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd . ==== End Of File ===========================
  4. lalaland5000
    Ok, I ran the ESET Online Scanner, and this is what it turned up (I did as instructed, and did not allow the scanner to delete any files): C:\WINDOWS\system32\tgghskowsg.exe Win32/Adware.RON.FSV application D:\software\unlocker1.9.0.exe Win32/Adware.ADON application
  5. lalaland5000
    Hi - thanks again for your help! Ok, last night I did uninstall Infoatoms -- I certainly don't remember installing it, so it may have piggybacked on some other software. In any case, it's gone, and afterwards things seemed more or less back to normal. Just to be safe, however, I followed your latest instructions and ran Systemlook with the code you supplied, and then I ran Combofix (after first disabling Microsoft Security Essentials, Spybot Search and Destroy, and the Windows Firewall). Combofix did not reboot the computer, which I suppose means it didn't find any rootkits? Both logs follow: SystemLook 30.07.11 by jpshortstuff Log created at 10:08 on 25/11/2012 by Han Administrator - Elevation successful ========== filefind ========== Searching for "infoatomsclientie.dll" No files found. -= EOF =- ComboFix 12-11-25.01 - Wan 11/25/2012 16:40:17.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2540 [GMT -8:00] Running from: c:\documents and settings\Wan\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\100 c:\documents and settings\All Users\Application Data\69277E4D9E.sys c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Wan\g2mdlhlpx.exe c:\documents and settings\Wan\Start Menu\Programs\1by1.lnk c:\documents and settings\Wan\WINDOWS C:\Documents c:\program files\tcpview\tcpview.exe c:\windows\system\Color c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\PowerToyReadme.htm c:\windows\system32\SET628.tmp c:\windows\system32\SET62D.tmp . . ((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 ))))))))))))))))))))))))))))))) . . 2012-11-24 23:12 . 2012-11-24 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-11-24 22:53 . 2012-11-24 22:53 1863682 ----a-w- C:\MGtools.exe 2012-11-24 19:44 . 2012-11-24 19:44 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat 2012-11-24 19:44 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-24 18:55 . 2012-11-24 19:08 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-11-24 18:55 . 2012-11-24 19:12 -------- d-----w- c:\program files\TGF Interactive 2012-11-24 18:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F138628-6521-43E6-B0CE-D04CAF664B9F}\mpengine.dll 2012-11-24 02:31 . 2012-11-24 02:31 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\TX16Wx 2012-11-24 02:30 . 2012-11-24 02:30 -------- d-----w- c:\program files\TX16Wx Software Sampler 2012-11-23 14:31 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-09 16:21 . 2012-11-24 19:22 -------- d-----w- c:\documents and settings\Wan\Application Data\vlc 2012-11-05 05:22 . 2012-11-05 07:47 -------- d-----w- c:\documents and settings\Wan\Application Data\MetroTwit 2012-11-05 05:21 . 2012-11-05 07:45 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\Deployment 2012-11-05 05:13 . 2012-11-05 05:17 -------- d-----w- c:\documents and settings\Wan\Application Data\Jane 2012-11-03 20:00 . 2012-11-03 20:01 -------- d-----w- c:\program files\Cobian Backup 11 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-25 04:25 . 2012-09-20 06:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-25 04:25 . 2012-09-20 06:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-22 08:37 . 2008-04-14 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-09-30 03:54 . 2010-05-31 05:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-17 08:00 . 2004-04-05 17:31 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-09-17 08:00 . 2004-04-05 17:31 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-09-01 20:20 . 2012-05-27 21:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 20:20 . 2010-07-29 05:36 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-31 05:03 . 2010-10-25 05:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2008-04-14 12:42 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec 2012-10-14 10:44 . 2012-10-14 10:42 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-05-30 . CEF67ED9075EAB03094E2BAA51696EC9 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616] "EzBackup Manager"="c:\program files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe" [2006-08-16 1902080] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256] "iTraffic Monitor"="c:\program files\iTraffic Monitor\iTrafficMon.exe" [2009-04-22 942080] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2011-12-25 1377848] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 3165696] "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 98304] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Wan\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Wan\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-3 380928] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 "NoSMMyPictures"= 01000000 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ GOOGLEPINYIN2.IME . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-07-30 22:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-07-31 11:19 41944 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43] 2009-10-24 03:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-05-18 16:01 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-09-17 08:00 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Documents and Settings\\Wan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Documents and Settings\\Wan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\HP\\HP LaserJet P1100 Series\\wificonfig.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Java\\jre7\\bin\\java.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Documents and Settings\\Wan\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port "427:TCP"= 427:TCP:Advanced TCP/IP SLP Port "161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port "5353:TCP"= 5353:TCP:Adobe CSI CS4 . R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [11/3/2012 12:00 PM 67584] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [8/28/2010 9:55 AM 99896] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 3:25 PM 13672] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/12/2010 8:08 AM 12184] R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 7:33 AM 3857408] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 9:07 AM 35088] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032] R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/5/2011 2:55 PM 5554552] R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/5/2011 2:56 PM 451960] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/11/2012 8:33 PM 103040] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/5/2011 2:56 PM 10752] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EZ-Backup\EZ-Backup Manager\EzBackup.exe [5/30/2010 11:35 AM 1124352] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/30/2010 11:19 AM 1691480] S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [12/2/2011 12:17 PM 20328] S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 1:01 AM 42648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 1:01 AM 12184] S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [8/28/2010 9:55 AM 17408] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [3/18/2012 12:30 PM 176128] S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [7/13/2011 9:02 PM 98672] S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [7/13/2011 9:02 PM 14960] S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [7/13/2011 9:02 PM 124016] S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [7/13/2011 9:02 PM 117872] S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [7/13/2011 9:02 PM 25456] S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [7/13/2011 9:02 PM 113904] S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [7/13/2011 9:02 PM 123504] S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7/13/2011 9:01 PM 155344] . Contents of the 'Scheduled Tasks' folder . 2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 04:25] . 2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52] . 2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003Core.job - c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003UA.job - c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47] . 2012-11-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25] . 2012-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-115176313-1177238915-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . 2012-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-115176313-1177238915-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . 2012-11-26 c:\windows\Tasks\User_Feed_Synchronization-{B1955055-9F23-4E8E-BFB5-E62C91B44324}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/webhp?client=aff-ime uInternet Settings,ProxyOverride = *.local IE: &Clean Traces IE: &Download with &DAP IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download &all with DAP IE: Download all with Free Download Manager IE: Download selected with Free Download Manager IE: Download video with Free Download Manager IE: Download with Free Download Manager IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.5.1 FF - ProfilePath - c:\documents and settings\Wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\ FF - prefs.js: browser.startup.homepage - about:home . . ------- File Associations ------- . txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1" . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-25 16:43 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1016) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2012-11-25 16:45:47 ComboFix-quarantined-files.txt 2012-11-26 00:45 . Pre-Run: 4,409,925,632 bytes free Post-Run: 4,922,867,712 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 177AEFFA15F78F792A0E2DEB25CCE2AA
  6. lalaland5000
    Ok, I d/l'ed and ran Adwcleaner and it found and deleted a few things. Then I ran Malwarebytes, and it didn't detect anything. I seem to still be having some problems, one of which is that Windows Explorer consistently crashes (and often taking the whole computer with it) when I try to open it. It doesn't crash in Safe Mode, though. The crash report for Windows Explorer says: AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: infoatomsclientie.dll ModVer: 1.4.0.0 Offset: 0000664b Interestingly, infoatoms was one of the Chrome extensions I disabled earlier today, thinking that it was part of the problem. Here is the Adwcleaner log: # AdwCleaner v2.009 - Logfile created 11/24/2012 at 17:41:05 # Updated 24/11/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Wan - NEWGRONKER # Boot Mode : Safe mode with networking # Running from : C:\Documents and Settings\wan\Desktop\malware killers\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate Folder Deleted : C:\Documents and Settings\wan\Local Settings\Application Data\APN ***** [Registry] ***** Key Deleted : HKCU\Software\Softonic ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v17.0 (en-US) Profile name : default File : C:\Documents and Settings\wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\prefs.js Deleted : user_pref("extensions.efwbjkbewre83sfr3.scode", "(function(){var bdomains={\"search.babylon.com\":1,[...] -\\ Google Chrome v23.0.1271.64 File : C:\Documents and Settings\wan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1352 octets] - [24/11/2012 17:39:34] AdwCleaner[s1].txt - [1291 octets] - [24/11/2012 17:41:05] ########## EOF - C:\AdwCleaner[s1].txt - [1351 octets] ########## And here's the Malwarebytes log: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.24.11 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Wan :: NEWGRONKER [administrator] 11/24/2012 5:49:25 PM mbam-log-2012-11-24 (17-49-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 242196 Time elapsed: 4 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. lalaland5000
    Hi - I didn't actually delete anything the first time I ran RogueKiller, but this time I did: RogueKiller V8.3.1 [Nov 23 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Safe mode with network support User : Wan [Admin rights] Mode : Remove -- Date : 11/24/2012 16:56:58 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++ --- User --- [MBR] 9fff0dbc2e60d99879b3ee51435b2a9a [bSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++ --- User --- [MBR] 6cc990afca0b7be59f982cf455519016 [bSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive4: Patriot Memory USB Device +++++ --- User --- [MBR] 6cdeb9b2eb2e69df7333f2da266e2984 [bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[3]_D_11242012_02d1656.txt >> RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt ; RKreport[3]_D_11242012_02d1656.txt
  8. lalaland5000
    Thanks for the quick reply! Pasting the 2nd RogueKiller scan report below. I should also mention that the first time it ran, it quarantined some files into a folder on my desktop (quarantine report pasted below as well). RogueKiller V8.3.1 [Nov 23 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Safe mode with network support User : Wan [Admin rights] Mode : Scan -- Date : 11/24/2012 16:19:58 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++ --- User --- [MBR] 9fff0dbc2e60d99879b3ee51435b2a9a [bSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++ --- User --- [MBR] 6cc990afca0b7be59f982cf455519016 [bSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive4: Patriot Memory USB Device +++++ --- User --- [MBR] 6cdeb9b2eb2e69df7333f2da266e2984 [bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_S_11242012_02d1619.txt >> RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt Quarantine report from the FIRST RogueKiller scan: Time : 24/11/2012 15:09:34 -------------------------- [61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys [61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys Time : 24/11/2012 16:19:58 -------------------------- [61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys [61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys
  9. lalaland5000
    Hi, I first noticed something wrong this morning when I clicked on a link on a page on amazon.com and my browser (Chrome) took me to a different page altogether. Then my computer started slowing down, and now I can't even get it to run unless I'm in safe mode. I ran malwarebytes and it found: Files Detected: 1 C:\Documents and Settings\Wan\Local Settings\Temporary Internet Files\Content.IE5\YMHN6HBS\MyPhoneExplorer_v2_5185[1].exe (Riskware.InstallMonetizer) -> Quarantined and deleted successfully. But the problems persisted, and seemed to get worse. Based on advice from a different site, I then downloaded and ran RogueKiller and TDSSkiller. Finally, I came across this site, and followed the instructions as best as I could for DDS. The logs for all of the above scans are attached to this message. Please let me know how to best proceed, and thank you so much in advance for your help! attach.txt dds.txt mbam-log-2012-11-24 (11-46-27).txt RKreport1_S_11242012_02d1509.txt TDSSKiller report.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.