Posts posted by lalaland5000
It seems pretty stable right now, but I haven't had much of a chance to really test it yet. I'll have time in the next day or two, and will report back. In the meantime, many thanks again for your help!
-
The OTM results log:
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Wan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Wan\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\system32\tgghskowsg.exe moved successfully.
D:\software\unlocker1.9.0.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Wan
->Temp folder emptied: 5439191 bytes
->Temporary Internet Files folder emptied: 29124498 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 119906948 bytes
->Google Chrome cache emptied: 221523976 bytes
->Flash cache emptied: 1161048 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 434 bytes
User: NetworkService
->Temp folder emptied: 1548902 bytes
->Temporary Internet Files folder emptied: 65670 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1701642 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 363.00 mb
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 11272012_200926
Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-6B-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.lock not found!
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.
Registry entries deleted on Reboot...
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Wan at 20:18:01 on 2012-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1969 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\EZ-Backup\EZ-Backup Manager\EzBackup.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTraffic Monitor\iTrafficMon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\Wan\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?client=aff-ime
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: <No Name>: {FFFFFEF0-5B30-21D4-945D-000000000000} - c:\program files\star downloader\SDIEInt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EzBackup Manager] c:\program files\ez-backup\ez-backup manager\ezbackupmanager.exe
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTraffic Monitor] c:\program files\itraffic monitor\iTrafficMon.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Ai Quicker Help] "c:\program files\asus\asus dh remote\AsRc.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\Wan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\Wan\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Clean Traces - <no file>
IE: &Download with &DAP - <no file>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - <no file>
IE: Download all with Free Download Manager - <no file>
IE: Download selected with Free Download Manager - <no file>
IE: Download video with Free Download Manager - <no file>
IE: Download with Free Download Manager - <no file>
IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346049785546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{26C26DE0-0E91-4DB6-AF5E-A239E12A4315} : DHCPNameServer = 192.168.5.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Wan\application data\mozilla\firefox\profiles\yfswzluq.default\
FF - prefs.js: browser.startup.homepage - about:home
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-11-3 67584]
R2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\ez-backup\ez-backup manager\EzBackup.exe [2010-5-30 1124352]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-8-28 99896]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-12 12184]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-5 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-5 451960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-9-11 103040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-5 10752]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-30 1691480]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-12-2 20328]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-8-28 17408]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2012-3-18 176128]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-7-13 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-7-13 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-7-13 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-7-13 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-7-13 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-7-13 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-7-13 123504]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-7-13 155344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"
FileExt: .ini: Ini File=notepad.exe %1
.
=============== Created Last 30 ================
.
2012-11-28 04:09:26 -------- d-----w- C:\_OTM
2012-11-27 06:09:50 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\offreg.dll
2012-11-27 00:34:08 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\mpengine.dll
2012-11-26 16:32:43 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-26 06:19:05 -------- d-----w- c:\program files\ESET
2012-11-26 00:37:02 -------- d-sha-r- C:\cmdcons
2012-11-26 00:35:24 98816 ----a-w- c:\windows\sed.exe
2012-11-26 00:35:24 256000 ----a-w- c:\windows\PEV.exe
2012-11-26 00:35:24 208896 ----a-w- c:\windows\MBR.exe
2012-11-24 23:12:42 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-11-24 22:53:56 1863682 ----a-w- C:\MGtools.exe
2012-11-24 19:44:49 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-11-24 19:44:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-24 18:55:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-11-24 18:55:25 -------- d-----w- c:\program files\TGF Interactive
2012-11-24 02:31:14 -------- d-----w- c:\documents and settings\Wan\local settings\application data\TX16Wx
2012-11-24 02:30:36 -------- d-----w- c:\program files\TX16Wx Software Sampler
2012-11-05 05:22:03 -------- d-----w- c:\documents and settings\Wan\application data\MetroTwit
2012-11-05 05:21:27 -------- d-----w- c:\documents and settings\Wan\local settings\application data\Deployment
2012-11-05 05:13:50 -------- d-----w- c:\documents and settings\Wan\application data\Jane
2012-11-03 20:00:58 -------- d-----w- c:\program files\Cobian Backup 11
.
==================== Find3M ====================
.
2012-11-25 04:25:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-25 04:25:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 08:00:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-17 08:00:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-01 20:20:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 20:20:31 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 20:18:26.56 ===============
ATTACH.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/30/2010 11:08:47 AM
System Uptime: 11/27/2012 8:11:11 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel® Core2 CPU 6600 @ 2.40GHz | LGA 775 | 2404/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 50 GiB total, 4.521 GiB free.
D: is FIXED (NTFS) - 546 GiB total, 65.481 GiB free.
E: is Removable
F: is Removable
H: is Removable
J: is FIXED (NTFS) - 932 GiB total, 65.963 GiB free.
V: is CDROM ()
W: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter #2
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7
Service: RTLWUSB
.
==== System Restore Points ===================
.
RP920: 11/19/2012 11:07:21 PM - Software Distribution Service 3.0
RP921: 11/21/2012 12:18:15 AM - System Checkpoint
RP922: 11/21/2012 8:14:35 PM - Software Distribution Service 3.0
RP923: 11/22/2012 9:20:30 PM - System Checkpoint
RP924: 11/23/2012 6:31:08 AM - Software Distribution Service 3.0
RP925: 11/23/2012 6:30:35 PM - Installed TX16Wx Software Sampler 2 (x86)
RP926: 11/24/2012 10:49:16 AM - Software Distribution Service 3.0
RP927: 11/24/2012 11:07:09 AM - Revo Uninstaller's restore point - Genius Box
RP928: 11/24/2012 11:07:40 AM - Removed Genius Box
RP929: 11/24/2012 11:35:27 AM - Installed Java 7 Update 9
RP930: 11/25/2012 12:33:20 PM - System Checkpoint
RP931: 11/26/2012 8:32:41 AM - Software Distribution Service 3.0
RP932: 11/26/2012 4:34:07 PM - Software Distribution Service 3.0
RP933: 11/27/2012 8:09:56 PM - OTM Restore Point
.
==== Installed Programs ======================
.
??????? 2.6
µTorrent
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 1.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 6.0
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Album Art Downloader XUI 0.44
Amazon MP3 Downloader 1.0.15
AMD Catalyst Install Manager
Anki
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ASUS DH Remote
Audacity 1.3.12 (Unicode)
Avidemux 2.5 (32-bit)
Bamboo
Belarc Advisor 8.1
Bonjour
Cantabile 2.0 Lite
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CDisplayEx 1.8
CKRename
ClearType Tuning Control Panel Applet
Cobian Backup 11 Gravity
Collab
Connect
Corel WinDVD 9
CPUID CPU-Z 1.59
daHornet Version 1.34
DarkWave Studio 3.7.8
Data Lifeguard Diagnostic for Windows 1.21
Debugging Tools for Windows (x86)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Delta
discoDSP HighLife v1.4
Dropbox
DSP/FX v6.2a
Duplicate Cleaner 2.1b
DVD43 v4.6.0
eReg
ESET Online Scanner v3
Exact Audio Copy 0.99pb5
EyeDefender 1.08
EZ-Backup Manager
FileZilla Client 3.5.3
FL Studio 8
FLAC 1.2.1b (remove only)
foobar2000 v1.1.13
FreeFileSync v3.8
GEAR driver installer for x86 and x64
GetDiz
GetDiz 4.5
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HammerHead Rhythm Station
Handbrake 0.9.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP LaserJet Professional P1100-P1560-P1600 Series
IL Download Manager
Image Resizer Powertoy for Windows XP
Imgur Uploader
inSSIDer
IsoBuster 2.8
iTraffic Monitor v1.0
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.0
JMicron JMB36X Driver
Just Great Software EditPad Lite 6.6.3
KeePass Password Safe 2.20.1
kuler
LameXP
Launchy 2.5
Live 8.1
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
microKORG SoundEditor
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows SDK for Windows 7 (7.1)
MiniTool Power Data Recovery
Miro
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
Mp3tag v2.51
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiPar version 1.2.0.5
MusicBee 2.0
MyPhoneExplorer
Native Instruments Controller Editor
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Session I/O
Native Instruments Kontakt 4
Native Instruments Kontakt Factory Selection
Native Instruments Rig Kontrol 3
Native Instruments Service Center
NetSpeedMonitor 2.5.4.0 x86
Network Stumbler 0.4.0 (remove only)
NexusFont 2.5 (ver 2.5.7.1562)
Octoshape add-in for Adobe Flash Player
PC Probe II
PC Wizard 2010.1.96
PDF Settings CS4
PDFCreator
PdfMerge
Pegtop PMeter
Photoshop Camera Raw
Picasa 3
PicPick
Pixel Bender Toolkit
PoiZone
Poladroid
PowerISO
Quicken 2011
QuickPar 0.9
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
REAPER
ReBirth RB-338 2.0
Recuva
Revo Uninstaller 1.94
rgc:audio sfz VSTi v1.96
rgc:audio sfz+ VSTi v1.01
SABnzbd 0.6.15
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
sfArk
shortcircuit
Shred 1.06
Skype Toolbars
Skype™ 5.10
Sony Ericsson PC Companion 2.01.210
Speccy
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
Star Downloader Free
Studio Devil BVC 1.2
Studio Units version 1.1.2
Suite Shared Configuration CS4
SyncToy 2.1 (x86)
TagScanner 5.1.612
Toxic Biohazard
TreeComp 4.0 b14
TreeSize Free V2.7
TubeOhm Alpha-Ray
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Tweak UI
TweetDeck
TX16Wx Software Sampler 2 (x86)
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.4
WD Align - Powered by Acronis
WebFldrs XP
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.6.4
Wunderlist
XnView 1.99
Yahoo Message Archive Decoder 4.5
Yahoo! Detect
Zen 1.6.6
Zune Desktop Theme
.
==== Event Viewer Messages From Past Week ========
.
11/27/2012 9:21:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TouchServicePen service.
11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NIHardwareService service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Cobian Backup 11 Volume Shadow Copy Requester service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The HP SI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/25/2012 6:08:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.373.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
11/25/2012 4:43:55 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
11/25/2012 4:40:09 PM, error: Service Control Manager [7034] - The EZ-Backup Manager service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 3:57:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/24/2012 3:12:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/24/2012 3:09:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt Fips intelppm Lbd MpFilter SCDEmu
11/24/2012 3:08:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/24/2012 11:59:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/24/2012 11:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
.
==== End Of File ===========================
-
Ok, I ran the ESET Online Scanner, and this is what it turned up (I did as instructed, and did not allow the scanner to delete any files):
C:\WINDOWS\system32\tgghskowsg.exe Win32/Adware.RON.FSV application
D:\software\unlocker1.9.0.exe Win32/Adware.ADON application
-
Hi - thanks again for your help!
Ok, last night I did uninstall Infoatoms -- I certainly don't remember installing it, so it may have piggybacked on some other software. In any case, it's gone, and afterwards things seemed more or less back to normal. Just to be safe, however, I followed your latest instructions and ran Systemlook with the code you supplied, and then I ran Combofix (after first disabling Microsoft Security Essentials, Spybot Search and Destroy, and the Windows Firewall). Combofix did not reboot the computer, which I suppose means it didn't find any rootkits? Both logs follow:
SystemLook 30.07.11 by jpshortstuff
Log created at 10:08 on 25/11/2012 by Han
Administrator - Elevation successful
========== filefind ==========
Searching for "infoatomsclientie.dll"
No files found.
-= EOF =-
ComboFix 12-11-25.01 - Wan 11/25/2012 16:40:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2540 [GMT -8:00]
Running from: c:\documents and settings\Wan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\69277E4D9E.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Wan\g2mdlhlpx.exe
c:\documents and settings\Wan\Start Menu\Programs\1by1.lnk
c:\documents and settings\Wan\WINDOWS
C:\Documents
c:\program files\tcpview\tcpview.exe
c:\windows\system\Color
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET628.tmp
c:\windows\system32\SET62D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-24 23:12 . 2012-11-24 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-11-24 22:53 . 2012-11-24 22:53 1863682 ----a-w- C:\MGtools.exe
2012-11-24 19:44 . 2012-11-24 19:44 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-11-24 19:44 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-24 18:55 . 2012-11-24 19:08 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-11-24 18:55 . 2012-11-24 19:12 -------- d-----w- c:\program files\TGF Interactive
2012-11-24 18:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F138628-6521-43E6-B0CE-D04CAF664B9F}\mpengine.dll
2012-11-24 02:31 . 2012-11-24 02:31 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\TX16Wx
2012-11-24 02:30 . 2012-11-24 02:30 -------- d-----w- c:\program files\TX16Wx Software Sampler
2012-11-23 14:31 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 16:21 . 2012-11-24 19:22 -------- d-----w- c:\documents and settings\Wan\Application Data\vlc
2012-11-05 05:22 . 2012-11-05 07:47 -------- d-----w- c:\documents and settings\Wan\Application Data\MetroTwit
2012-11-05 05:21 . 2012-11-05 07:45 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\Deployment
2012-11-05 05:13 . 2012-11-05 05:17 -------- d-----w- c:\documents and settings\Wan\Application Data\Jane
2012-11-03 20:00 . 2012-11-03 20:01 -------- d-----w- c:\program files\Cobian Backup 11
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 04:25 . 2012-09-20 06:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-25 04:25 . 2012-09-20 06:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37 . 2008-04-14 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 03:54 . 2010-05-31 05:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 08:00 . 2004-04-05 17:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-17 08:00 . 2004-04-05 17:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-01 20:20 . 2012-05-27 21:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 20:20 . 2010-07-29 05:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 05:03 . 2010-10-25 05:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2012-10-14 10:44 . 2012-10-14 10:42 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-30 . CEF67ED9075EAB03094E2BAA51696EC9 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616]
"EzBackup Manager"="c:\program files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe" [2006-08-16 1902080]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"iTraffic Monitor"="c:\program files\iTraffic Monitor\iTrafficMon.exe" [2009-04-22 942080]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2011-12-25 1377848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 3165696]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Wan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Wan\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-3 380928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-07-30 22:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-07-31 11:19 41944 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 03:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-18 16:01 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-17 08:00 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Wan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Wan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\HP LaserJet P1100 Series\\wificonfig.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Wan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [11/3/2012 12:00 PM 67584]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [8/28/2010 9:55 AM 99896]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 3:25 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/12/2010 8:08 AM 12184]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 7:33 AM 3857408]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 9:07 AM 35088]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/5/2011 2:55 PM 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/5/2011 2:56 PM 451960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/11/2012 8:33 PM 103040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/5/2011 2:56 PM 10752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EZ-Backup\EZ-Backup Manager\EzBackup.exe [5/30/2010 11:35 AM 1124352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/30/2010 11:19 AM 1691480]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [12/2/2011 12:17 PM 20328]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 1:01 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 1:01 AM 12184]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [8/28/2010 9:55 AM 17408]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [3/18/2012 12:30 PM 176128]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [7/13/2011 9:02 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [7/13/2011 9:02 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [7/13/2011 9:02 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [7/13/2011 9:02 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [7/13/2011 9:02 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [7/13/2011 9:02 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [7/13/2011 9:02 PM 123504]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7/13/2011 9:01 PM 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 04:25]
.
2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003Core.job
- c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003UA.job
- c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47]
.
2012-11-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]
.
2012-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-115176313-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2012-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-115176313-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2012-11-26 c:\windows\Tasks\User_Feed_Synchronization-{B1955055-9F23-4E8E-BFB5-E62C91B44324}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?client=aff-ime
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\documents and settings\Wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-11-25 16:45:47
ComboFix-quarantined-files.txt 2012-11-26 00:45
.
Pre-Run: 4,409,925,632 bytes free
Post-Run: 4,922,867,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 177AEFFA15F78F792A0E2DEB25CCE2AA
-
Ok, I d/l'ed and ran Adwcleaner and it found and deleted a few things. Then I ran Malwarebytes, and it didn't detect anything. I seem to still be having some problems, one of which is that Windows Explorer consistently crashes (and often takes the whole computer with it) when I try to open it. It doesn't crash in Safe Mode, though. The crash report for Windows Explorer says:
AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: infoatomsclientie.dll
ModVer: 1.4.0.0 Offset: 0000664b
Interestingly, infoatoms was one of the Chrome extensions I disabled earlier today, thinking that it was part of the problem.
Here is the Adwcleaner log:
# AdwCleaner v2.009 - Logfile created 11/24/2012 at 17:41:05
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Wan - NEWGRONKER
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\wan\Desktop\malware killers\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\wan\Local Settings\Application Data\APN
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0 (en-US)
Profile name : default
File : C:\Documents and Settings\wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\prefs.js
Deleted : user_pref("extensions.efwbjkbewre83sfr3.scode", "(function(){var bdomains={\"search.babylon.com\":1,[...]
-\\ Google Chrome v23.0.1271.64
File : C:\Documents and Settings\wan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1352 octets] - [24/11/2012 17:39:34]
AdwCleaner[S1].txt - [1291 octets] - [24/11/2012 17:41:05]
########## EOF - C:\AdwCleaner[S1].txt - [1351 octets] ##########
And here's the Malwarebytes log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wan :: NEWGRONKER [administrator]
11/24/2012 5:49:25 PM
mbam-log-2012-11-24 (17-49-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242196
Time elapsed: 4 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi - I didn't actually delete anything the first time I ran RogueKiller, but this time I did:
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Wan [Admin rights]
Mode : Remove -- Date : 11/24/2012 16:56:58
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++
--- User ---
[MBR] 9fff0dbc2e60d99879b3ee51435b2a9a
[BSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++
--- User ---
[MBR] 6cc990afca0b7be59f982cf455519016
[BSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive4: Patriot Memory USB Device +++++
--- User ---
[MBR] 6cdeb9b2eb2e69df7333f2da266e2984
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3]_D_11242012_02d1656.txt >>
RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt ; RKreport[3]_D_11242012_02d1656.txt
-
Thanks for the quick reply! Pasting the 2nd RogueKiller scan report below. I should also mention that the first time it ran, it quarantined some files into a folder on my desktop (quarantine report pasted below as well).
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Wan [Admin rights]
Mode : Scan -- Date : 11/24/2012 16:19:58
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++
--- User ---
[MBR] 9fff0dbc2e60d99879b3ee51435b2a9a
[BSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++
--- User ---
[MBR] 6cc990afca0b7be59f982cf455519016
[BSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive4: Patriot Memory USB Device +++++
--- User ---
[MBR] 6cdeb9b2eb2e69df7333f2da266e2984
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_11242012_02d1619.txt >>
RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt
Quarantine report from the FIRST RogueKiller scan:
Time : 24/11/2012 15:09:34
--------------------------
[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys
[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys
Time : 24/11/2012 16:19:58
--------------------------
[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys
[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys
-
Hi,
I first noticed something wrong this morning when I clicked on a link on a page on amazon.com and my browser (Chrome) took me to a different page altogether. Then my computer started slowing down, and now I can't even get it to run unless I'm in safe mode.
I ran Malwarebytes and it found:
Files Detected: 1
C:\Documents and Settings\Wan\Local Settings\Temporary Internet Files\Content.IE5\YMHN6HBS\MyPhoneExplorer_v2_5185[1].exe (Riskware.InstallMonetizer) -> Quarantined and deleted successfully.
But the problems persisted, and seemed to get worse. Based on advice from a different site, I then downloaded and ran RogueKiller and TDSSkiller.
Finally, I came across this site, and followed the instructions as best I could for DDS.
The logs for all of the above scans are attached to this message. Please let me know how to best proceed, and thank you so much in advance for your help!
mbam-log-2012-11-24 (11-46-27).txt
Infected by something - would appreciate some advice!
in Resolved Malware Removal Logs
Ok - I've tested the machine for the past few days, and it seems like everything is back to normal. Thank you again for all your help, Kevin -- it's much appreciated!