RJC
Posts: 8
Posts posted by RJC
-
Thanks again.
Yes, I meant it crashed during defrag.
I won't finish these steps tonight. I will post some time tomorrow.
I hope you have a good rest.
-
Disk cleanup: After about 4 hours the PC crashed with "Unknown hard error". It rebooted ok. This is an old PC and the HD is a bit slow. I will get a Windows 8 PC in a few months (since XP will no longer be supported) so I'm not concerned much about the HD performance.
msconfig: There is nothing I want to remove. Some things I do after reboot, like sync my tablet and backup, then I kill the processes manually.
Process Explorer: System Idle Process is at 99% now, so there is nothing to show. The svchost problem seems to be gone.
FRST: Merged the Wmi.reg and scanned. Here is the log.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by Wraithchilde (administrator) on BOB on 06-01-2014 09:23:57
Running from C:\Documents and Settings\Wraithchilde\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 10\cbVSCService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) E:\Program Files\MalwarebytesAnti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) E:\Program Files\MalwarebytesAnti-Malware\mbamgui.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
() C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [49152 2005-11-04] (Creative Technology Ltd.)
HKLM\...\Run: [Cobian Backup 10] - C:\Program Files\Cobian Backup 10\Cobian.exe [421376 2010-04-21] (Luis Cobian, CobianSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33628160 2009-06-05] (VIA Technologies, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - E:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [122880 2005-10-14] (Creative Technology Ltd)
HKLM\...\Run: [updReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [CTDVDDET] - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [NVIDIA nTune] - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [81920 2007-04-04] (NVIDIA)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6E91084900DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5854/mcfscan.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.196.64.53 68.113.206.10 24.178.162.3
========================== Services (Whitelisted) =================
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-04-21] (CobianSoft, Luis Cobian)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S2 DAZContentManagementService; E:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; E:\Program Files\MalwarebytesAnti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-11-07] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-11-28] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [643608 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-11-04] (McAfee, Inc.)
R2 mi-raysat_3dsmax2011_32; C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] ()
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [126976 2007-04-04] (NVIDIA)
S3 usprserv; C:\Windows\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [494192 2011-09-07] (VMware, Inc.)
R2 wsnm_usbctrl; C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [797296 2011-09-07] (VMware, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 apf003; C:\WINDOWS\system32\apf003.sys [13232 2013-04-09] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2007-07-28] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-11-04] (McAfee, Inc.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-21] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-07-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-11-04] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236000 2013-11-04] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365416 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [572528 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [319808 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80752 2013-11-26] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [85064 2013-11-04] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [85064 2013-11-04] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91736 2013-11-04] (McAfee, Inc.)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R0 nvatabus; C:\Windows\System32\DRIVERS\NVATABUS.SYS [105472 2010-04-18] (NVIDIA Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [124264 2013-02-18] (NVIDIA Corporation)
R3 NVR0Dev; C:\WINDOWS\nvoclock.sys [6912 2007-04-04] (NVidia Corp.)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [23064 2008-11-22] (Screaming Bee LLC)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1374464 2009-06-02] (VIA Technologies, Inc.)
R3 vmwvusb; C:\Windows\System32\Drivers\vmwvusb.sys [40048 2011-09-07] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)
U2 mfewfpk;
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 XDva398; \??\C:\WINDOWS\system32\XDva398.sys [x]
==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2014-01-06 09:23 - 2014-01-06 09:23 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Desktop\FRST-OlderVersion
2014-01-06 09:02 - 2014-01-06 09:03 - 140022632 _____ C:\Documents and Settings\Wraithchilde\My Documents\1-1-14-reg backup.reg
2014-01-05 16:53 - 2014-01-05 16:53 - 00003274 _____ C:\Documents and Settings\Wraithchilde\Desktop\Wmi.reg
2014-01-05 16:28 - 2014-01-05 16:28 - 00000623 _____ C:\Documents and Settings\All Users\Desktop\MyDefrag.lnk
2014-01-05 14:47 - 2014-01-05 14:47 - 00002247 _____ C:\Documents and Settings\Wraithchilde\Desktop\FSS.txt
2014-01-05 14:11 - 2014-01-05 14:11 - 00708597 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FSS.exe
2014-01-05 13:14 - 2014-01-05 13:17 - 00002003 _____ C:\Documents and Settings\Wraithchilde\Desktop\Search.txt
2014-01-05 13:05 - 2014-01-05 13:13 - 00023462 _____ C:\Documents and Settings\Wraithchilde\Desktop\Addition.txt
2014-01-05 13:01 - 2014-01-06 09:24 - 00015758 _____ C:\Documents and Settings\Wraithchilde\Desktop\FRST.txt
2014-01-05 12:59 - 2014-01-06 09:23 - 00000000 ____D C:\FRST
2014-01-05 12:58 - 2014-01-06 09:23 - 01064805 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FRST.exe
2014-01-05 10:55 - 2014-01-05 10:58 - 00012270 _____ C:\WINDOWS\KB2888505-IE8.log
2014-01-05 08:20 - 2014-01-05 08:20 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Sun
2014-01-05 08:10 - 2014-01-05 08:10 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-05 08:10 - 2014-01-05 08:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-05 08:10 - 2014-01-05 08:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-05 08:09 - 2014-01-05 08:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-05 08:09 - 2014-01-05 08:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-04 06:10 - 2014-01-06 09:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-01-03 06:08 - 2014-01-03 06:08 - 00000650 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Malwarebytes
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-03 06:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-02 20:15 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files\ESET
2014-01-02 19:57 - 2014-01-05 11:17 - 00021817 _____ C:\Documents and Settings\Wraithchilde\Desktop\attach.txt
2014-01-02 19:57 - 2014-01-05 11:17 - 00016066 _____ C:\Documents and Settings\Wraithchilde\Desktop\dds.txt
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-02 18:11 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-02 18:11 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-02 18:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-02 18:09 - 2014-01-02 18:33 - 00000000 ____D C:\Qoobox
2014-01-02 18:08 - 2014-01-02 18:30 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-01 15:22 - 2014-01-02 06:45 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2013-12-28 07:36 - 2013-12-28 07:36 - 00000853 ____N C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
==================== One Month Modified Files and Folders =======
2014-01-06 09:24 - 2014-01-05 13:01 - 00015758 _____ C:\Documents and Settings\Wraithchilde\Desktop\FRST.txt
2014-01-06 09:24 - 2005-08-16 03:40 - 01279946 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-06 09:23 - 2014-01-06 09:23 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Desktop\FRST-OlderVersion
2014-01-06 09:23 - 2014-01-05 12:59 - 00000000 ____D C:\FRST
2014-01-06 09:23 - 2014-01-05 12:58 - 01064805 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FRST.exe
2014-01-06 09:19 - 2014-01-04 06:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-01-06 09:19 - 2013-08-26 17:29 - 00001611 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
2014-01-06 09:19 - 2011-01-29 12:24 - 00000424 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-01-06 09:18 - 2013-05-10 14:01 - 00007518 _____ C:\WINDOWS\system32\nvAppTimestamps
2014-01-06 09:16 - 2005-08-16 03:38 - 00000000 ____D C:\WINDOWS\Registration
2014-01-06 09:13 - 2005-08-16 03:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 09:13 - 2005-08-16 03:35 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-06 09:12 - 2005-08-16 03:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-06 09:11 - 2007-06-02 11:31 - 00000178 ___SH C:\Documents and Settings\Wraithchilde\ntuser.ini
2014-01-06 09:11 - 2005-08-16 03:49 - 00032500 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-06 09:03 - 2014-01-06 09:02 - 140022632 _____ C:\Documents and Settings\Wraithchilde\My Documents\1-1-14-reg backup.reg
2014-01-06 08:58 - 2007-06-07 19:43 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Misc
2014-01-06 08:50 - 2012-03-29 04:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-06 08:11 - 2009-03-25 10:49 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\TurboTax
2014-01-06 08:07 - 2007-06-03 04:00 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Adobe
2014-01-06 07:17 - 2005-08-16 03:18 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-06 03:16 - 2008-03-16 17:34 - 00000000 __SHD C:\WINDOWS\CSC
2014-01-05 16:53 - 2014-01-05 16:53 - 00003274 _____ C:\Documents and Settings\Wraithchilde\Desktop\Wmi.reg
2014-01-05 16:28 - 2014-01-05 16:28 - 00000623 _____ C:\Documents and Settings\All Users\Desktop\MyDefrag.lnk
2014-01-05 15:27 - 2012-01-30 12:56 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Firestorm
2014-01-05 15:20 - 2013-07-11 09:46 - 01098252 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2014-01-05 15:20 - 2013-07-11 09:46 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2014-01-05 14:47 - 2014-01-05 14:47 - 00002247 _____ C:\Documents and Settings\Wraithchilde\Desktop\FSS.txt
2014-01-05 14:41 - 2013-07-11 09:46 - 01098252 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2014-01-05 14:11 - 2014-01-05 14:11 - 00708597 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FSS.exe
2014-01-05 13:29 - 2010-03-01 08:19 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-05 13:17 - 2014-01-05 13:14 - 00002003 _____ C:\Documents and Settings\Wraithchilde\Desktop\Search.txt
2014-01-05 13:13 - 2014-01-05 13:05 - 00023462 _____ C:\Documents and Settings\Wraithchilde\Desktop\Addition.txt
2014-01-05 11:17 - 2014-01-02 19:57 - 00021817 _____ C:\Documents and Settings\Wraithchilde\Desktop\attach.txt
2014-01-05 11:17 - 2014-01-02 19:57 - 00016066 _____ C:\Documents and Settings\Wraithchilde\Desktop\dds.txt
2014-01-05 11:07 - 2011-01-12 14:39 - 00000506 _____ C:\Documents and Settings\Wraithchilde\Desktop\Misc Notes.txt
2014-01-05 10:58 - 2014-01-05 10:55 - 00012270 _____ C:\WINDOWS\KB2888505-IE8.log
2014-01-05 10:58 - 2005-08-16 03:33 - 01408683 _____ C:\WINDOWS\iis6.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00563217 _____ C:\WINDOWS\tsoc.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00410176 _____ C:\WINDOWS\comsetup.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00249840 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00179312 _____ C:\WINDOWS\MedCtrOC.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00070146 _____ C:\WINDOWS\ehOCGen.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00067313 _____ C:\WINDOWS\ocmsn.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00060540 _____ C:\WINDOWS\tabletoc.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00001355 _____ C:\WINDOWS\imsins.log
2014-01-05 10:57 - 2005-08-16 20:04 - 00244755 _____ C:\WINDOWS\updspapi.log
2014-01-05 10:57 - 2005-08-16 03:33 - 01220207 _____ C:\WINDOWS\FaxSetup.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00606827 _____ C:\WINDOWS\ocgen.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00385812 _____ C:\WINDOWS\msmqinst.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00225716 _____ C:\WINDOWS\netfxocm.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00144724 _____ C:\WINDOWS\plusoc.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00061129 _____ C:\WINDOWS\msgsocm.log
2014-01-05 10:56 - 2010-04-15 15:16 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-05 08:20 - 2014-01-05 08:20 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Sun
2014-01-05 08:10 - 2014-01-05 08:10 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-05 08:09 - 2014-01-05 08:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-05 08:09 - 2014-01-05 08:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-05 08:09 - 2014-01-05 08:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-05 08:09 - 2014-01-05 08:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-05 08:08 - 2007-05-16 07:33 - 00000000 ____D C:\Program Files\Java
2014-01-05 08:00 - 2013-08-26 17:27 - 00000000 ____D C:\Program Files\McAfee
2014-01-05 08:00 - 2013-08-26 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-05 06:36 - 2010-05-01 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-05 06:36 - 2007-05-16 07:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-05 06:36 - 2007-05-16 07:45 - 00000000 ____D C:\Program Files\Adobe
2014-01-04 06:47 - 2009-04-11 06:23 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Second Life
2014-01-04 06:19 - 2007-05-16 07:21 - 00000209 ___SH C:\boot.ini
2014-01-04 06:19 - 2005-08-16 03:18 - 00000602 _____ C:\WINDOWS\win.ini
2014-01-04 06:19 - 2005-08-16 03:18 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-04 05:53 - 2009-08-20 12:16 - 00000000 ____D C:\WINDOWS\pss
2014-01-03 11:55 - 2012-01-22 04:18 - 00284373 _____ C:\WINDOWS\setupapi.log
2014-01-03 07:45 - 2005-08-16 03:22 - 00000000 ____D C:\WINDOWS\Resources
2014-01-03 06:08 - 2014-01-03 06:08 - 00000650 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Malwarebytes
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-03 01:07 - 2005-08-16 03:49 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-02 20:15 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files\ESET
2014-01-02 18:33 - 2014-01-02 18:09 - 00000000 ____D C:\Qoobox
2014-01-02 18:30 - 2014-01-02 18:08 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-02 18:21 - 2013-06-07 09:08 - 41943040 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2014-01-02 18:21 - 2007-05-16 14:19 - 14417920 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 01048576 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-02 18:19 - 2007-06-02 11:31 - 00000000 ____D C:\Documents and Settings\Wraithchilde
2014-01-02 18:01 - 2010-08-07 22:06 - 00011958 _____ C:\Documents and Settings\Wraithchilde\My Documents\hijackthis.log
2014-01-02 15:00 - 2009-11-19 21:37 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\vlc
2014-01-02 06:45 - 2014-01-01 15:22 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2014-01-01 07:12 - 2005-08-16 03:22 - 00000000 ____D C:\WINDOWS\repair
2013-12-28 07:36 - 2013-12-28 07:36 - 00000853 ____N C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
2013-12-27 15:48 - 2013-08-26 17:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-20 06:42 - 2007-07-17 14:38 - 00000230 _____ C:\WINDOWS\CTWave32.ini
2013-12-20 06:37 - 2007-07-17 14:20 - 00000072 _____ C:\WINDOWS\sbwin.ini
2013-12-18 18:22 - 2005-08-16 03:33 - 00574102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-13 13:30 - 2007-06-03 07:21 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Projects
Files to move or delete:
====================
C:\Documents and Settings\Wraithchilde\random.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2005-08-16 03:18] - [2009-02-09 04:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
This is odd. I have no idea what this is or where it comes from. The file doesn't exist.
S3 XDva398; \??\C:\WINDOWS\system32\XDva398.sys [x]
-
Thank you. This might take a while. It will likely be tomorrow before I can complete this and post the results.
-
A strange file with Unicode characters for a name was created on the desktop. Not sure where that came from.
CPU usage from System and svchost seems to have calmed down a bit. Still took a very long time to reboot.
No blocked website message so far.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2014
Ran by Wraithchilde at 2014-01-05 14:24:38 Run:1
Running from C:\Documents and Settings\Wraithchilde\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 vmhnavixan; \??\C:\WINDOWS\system32\drivers\mmdzrgupcuxacl.sys [x]
C:\WINDOWS\system32\drivers\mmdzrgupcuxacl.sys
U3 mbr; \??\C:\DOCUME~1\WRAITH~1\LOCALS~1\Temp\mbr.sys [x]
2014-01-02 12:44 - 2014-01-02 12:44 - 00028672 _____ C:\WINDOWS\system32\gwbxgwx.ner
2014-01-02 12:34 - 2014-01-05 12:10 - 00000081 _____ C:\WINDOWS\system32\wbwd.vmy
2014-01-02 12:31 - 2014-01-02 12:44 - 00000102 _____ C:\WINDOWS\system32\ryer.xah
2014-01-02 12:31 - 2014-01-02 12:31 - 00000064 _____ C:\WINDOWS\system32\pecdt.jfe
2013-12-28 15:11 - 2013-12-28 15:11 - 00101213 ____S C:\WINDOWS\system32\pydray.bma
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\dllcache\rpcss.dll
end
*****************
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
catchme => Service deleted successfully.
vmhnavixan => Service deleted successfully.
"C:\WINDOWS\system32\drivers\mmdzrgupcuxacl.sys" => File/Directory not found.
mbr => Service deleted successfully.
C:\WINDOWS\system32\gwbxgwx.ner => Moved successfully.
C:\WINDOWS\system32\wbwd.vmy => Moved successfully.
C:\WINDOWS\system32\ryer.xah => Moved successfully.
C:\WINDOWS\system32\pecdt.jfe => Moved successfully.
Could not move "C:\WINDOWS\system32\pydray.bma" => Scheduled to move on reboot.
C:\WINDOWS\system32\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll
"C:\WINDOWS\system32\dllcache\rpcss.dll" => Could not move.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\dllcache\rpcss.dll
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-05 14:28:29)<=
C:\WINDOWS\system32\pydray.bma => Is moved successfully.
==== End of Fixlog ====
Farbar Service Scanner Version: 05-12-2013
Ran by Wraithchilde (administrator) on 05-01-2014 at 14:47:12
Running from "C:\Documents and Settings\Wraithchilde\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****
-
Thank you Georgi
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Wraithchilde (administrator) on BOB on 05-01-2014 13:11:54
Running from C:\Documents and Settings\Wraithchilde\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
ATTENTION: If processes are not listed WMI should be repaired.
==================== Processes (Whitelisted) ===================
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [49152 2005-11-04] (Creative Technology Ltd.)
HKLM\...\Run: [Cobian Backup 10] - C:\Program Files\Cobian Backup 10\Cobian.exe [421376 2010-04-21] (Luis Cobian, CobianSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33628160 2009-06-05] (VIA Technologies, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - E:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [122880 2005-10-14] (Creative Technology Ltd)
HKLM\...\Run: [updReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [CTDVDDET] - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [NVIDIA nTune] - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [81920 2007-04-04] (NVIDIA)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6E91084900DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5854/mcfscan.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.196.64.53 68.113.206.10 24.178.162.3
========================== Services (Whitelisted) =================
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-04-21] (CobianSoft, Luis Cobian)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S2 DAZContentManagementService; E:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; E:\Program Files\MalwarebytesAnti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-11-07] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-11-28] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [643608 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-11-04] (McAfee, Inc.)
R2 mi-raysat_3dsmax2011_32; C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] ()
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [126976 2007-04-04] (NVIDIA)
S3 usprserv; C:\Windows\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [494192 2011-09-07] (VMware, Inc.)
S2 wsnm_usbctrl; C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [797296 2011-09-07] (VMware, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 apf003; C:\WINDOWS\system32\apf003.sys [13232 2013-04-09] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2007-07-28] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-11-04] (McAfee, Inc.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-21] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-07-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-11-04] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236000 2013-11-04] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365416 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [572528 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [319808 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80752 2013-11-26] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [85064 2013-11-04] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [85064 2013-11-04] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91736 2013-11-04] (McAfee, Inc.)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R0 nvatabus; C:\Windows\System32\DRIVERS\NVATABUS.SYS [105472 2010-04-18] (NVIDIA Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [124264 2013-02-18] (NVIDIA Corporation)
R3 NVR0Dev; C:\WINDOWS\nvoclock.sys [6912 2007-04-04] (NVidia Corp.)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [23064 2008-11-22] (Screaming Bee LLC)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1374464 2009-06-02] (VIA Technologies, Inc.)
R3 vmwvusb; C:\Windows\System32\Drivers\vmwvusb.sys [40048 2011-09-07] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 mfewfpk;
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 vmhnavixan; \??\C:\WINDOWS\system32\drivers\mmdzrgupcuxacl.sys [x]
S3 XDva398; \??\C:\WINDOWS\system32\XDva398.sys [x]
U3 mbr; \??\C:\DOCUME~1\WRAITH~1\LOCALS~1\Temp\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2014-01-05 13:05 - 2014-01-05 13:07 - 00023462 _____ C:\Documents and Settings\Wraithchilde\Desktop\Addition.txt
2014-01-05 13:01 - 2014-01-05 13:12 - 00013595 _____ C:\Documents and Settings\Wraithchilde\Desktop\FRST.txt
2014-01-05 12:59 - 2014-01-05 12:59 - 00000000 ____D C:\FRST
2014-01-05 12:58 - 2014-01-05 12:58 - 01064761 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FRST.exe
2014-01-05 10:55 - 2014-01-05 10:58 - 00012270 _____ C:\WINDOWS\KB2888505-IE8.log
2014-01-05 08:20 - 2014-01-05 08:20 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Sun
2014-01-05 08:10 - 2014-01-05 08:10 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-05 08:10 - 2014-01-05 08:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-05 08:10 - 2014-01-05 08:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-05 08:09 - 2014-01-05 08:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-05 08:09 - 2014-01-05 08:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-04 06:10 - 2014-01-05 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-01-03 06:08 - 2014-01-03 06:08 - 00000650 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Malwarebytes
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-03 06:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-02 20:15 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files\ESET
2014-01-02 19:57 - 2014-01-05 11:17 - 00021817 _____ C:\Documents and Settings\Wraithchilde\Desktop\attach.txt
2014-01-02 19:57 - 2014-01-05 11:17 - 00016066 _____ C:\Documents and Settings\Wraithchilde\Desktop\dds.txt
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-02 18:11 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-02 18:11 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-02 18:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-02 18:11 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-02 18:09 - 2014-01-02 18:33 - 00000000 ____D C:\Qoobox
2014-01-02 18:08 - 2014-01-02 18:30 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-02 12:44 - 2014-01-02 12:44 - 00028672 _____ C:\WINDOWS\system32\gwbxgwx.ner
2014-01-02 12:34 - 2014-01-05 12:10 - 00000081 _____ C:\WINDOWS\system32\wbwd.vmy
2014-01-02 12:31 - 2014-01-02 12:44 - 00000102 _____ C:\WINDOWS\system32\ryer.xah
2014-01-02 12:31 - 2014-01-02 12:31 - 00000064 _____ C:\WINDOWS\system32\pecdt.jfe
2014-01-01 15:22 - 2014-01-02 06:45 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2013-12-28 15:11 - 2013-12-28 15:11 - 00101213 ____S C:\WINDOWS\system32\pydray.bma
2013-12-28 07:36 - 2013-12-28 07:36 - 00000853 ____N C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
==================== One Month Modified Files and Folders =======
2014-01-05 13:12 - 2014-01-05 13:01 - 00013595 _____ C:\Documents and Settings\Wraithchilde\Desktop\FRST.txt
2014-01-05 13:12 - 2013-05-10 14:01 - 00007252 _____ C:\WINDOWS\system32\nvAppTimestamps
2014-01-05 13:12 - 2010-03-01 08:19 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-05 13:07 - 2014-01-05 13:05 - 00023462 _____ C:\Documents and Settings\Wraithchilde\Desktop\Addition.txt
2014-01-05 12:59 - 2014-01-05 12:59 - 00000000 ____D C:\FRST
2014-01-05 12:58 - 2014-01-05 12:58 - 01064761 _____ (Farbar) C:\Documents and Settings\Wraithchilde\Desktop\FRST.exe
2014-01-05 12:57 - 2012-01-30 12:56 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Firestorm
2014-01-05 12:50 - 2012-03-29 04:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-05 12:42 - 2013-07-11 09:46 - 01098252 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2014-01-05 12:42 - 2013-07-11 09:46 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2014-01-05 12:10 - 2014-01-02 12:34 - 00000081 _____ C:\WINDOWS\system32\wbwd.vmy
2014-01-05 11:17 - 2014-01-02 19:57 - 00021817 _____ C:\Documents and Settings\Wraithchilde\Desktop\attach.txt
2014-01-05 11:17 - 2014-01-02 19:57 - 00016066 _____ C:\Documents and Settings\Wraithchilde\Desktop\dds.txt
2014-01-05 11:09 - 2014-01-04 06:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-01-05 11:09 - 2013-08-26 17:29 - 00001611 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
2014-01-05 11:07 - 2011-01-29 12:24 - 00000424 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-01-05 11:07 - 2011-01-12 14:39 - 00000506 _____ C:\Documents and Settings\Wraithchilde\Desktop\Misc Notes.txt
2014-01-05 11:05 - 2005-08-16 03:38 - 00000000 ____D C:\WINDOWS\Registration
2014-01-05 11:03 - 2005-08-16 03:40 - 01259446 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-05 11:01 - 2005-08-16 03:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-05 11:01 - 2005-08-16 03:35 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-05 11:00 - 2005-08-16 03:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-05 10:58 - 2014-01-05 10:55 - 00012270 _____ C:\WINDOWS\KB2888505-IE8.log
2014-01-05 10:58 - 2007-06-02 11:31 - 00000178 ___SH C:\Documents and Settings\Wraithchilde\ntuser.ini
2014-01-05 10:58 - 2005-08-16 03:49 - 00032422 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-05 10:58 - 2005-08-16 03:33 - 01408683 _____ C:\WINDOWS\iis6.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00563217 _____ C:\WINDOWS\tsoc.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00410176 _____ C:\WINDOWS\comsetup.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00249840 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00179312 _____ C:\WINDOWS\MedCtrOC.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00070146 _____ C:\WINDOWS\ehOCGen.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00067313 _____ C:\WINDOWS\ocmsn.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00060540 _____ C:\WINDOWS\tabletoc.log
2014-01-05 10:58 - 2005-08-16 03:33 - 00001355 _____ C:\WINDOWS\imsins.log
2014-01-05 10:57 - 2005-08-16 20:04 - 00244755 _____ C:\WINDOWS\updspapi.log
2014-01-05 10:57 - 2005-08-16 03:33 - 01220207 _____ C:\WINDOWS\FaxSetup.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00606827 _____ C:\WINDOWS\ocgen.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00385812 _____ C:\WINDOWS\msmqinst.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00225716 _____ C:\WINDOWS\netfxocm.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00144724 _____ C:\WINDOWS\plusoc.log
2014-01-05 10:57 - 2005-08-16 03:33 - 00061129 _____ C:\WINDOWS\msgsocm.log
2014-01-05 10:56 - 2010-04-15 15:16 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-05 10:49 - 2014-01-05 10:49 - 00003038 _____ C:\Documents and Settings\Wraithchilde\Desktop\fix_svchost.bat
2014-01-05 10:26 - 2013-07-11 09:46 - 01098252 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2014-01-05 08:20 - 2014-01-05 08:20 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Local Settings\Application Data\Sun
2014-01-05 08:10 - 2014-01-05 08:10 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-05 08:09 - 2014-01-05 08:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-05 08:09 - 2014-01-05 08:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-05 08:09 - 2014-01-05 08:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-05 08:09 - 2014-01-05 08:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-05 08:09 - 2014-01-05 08:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-05 08:08 - 2007-05-16 07:33 - 00000000 ____D C:\Program Files\Java
2014-01-05 08:00 - 2013-08-26 17:27 - 00000000 ____D C:\Program Files\McAfee
2014-01-05 08:00 - 2013-08-26 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-05 06:36 - 2010-05-01 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-05 06:36 - 2007-05-16 07:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-05 06:36 - 2007-05-16 07:45 - 00000000 ____D C:\Program Files\Adobe
2014-01-04 06:47 - 2009-04-11 06:23 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Second Life
2014-01-04 06:19 - 2007-05-16 07:21 - 00000209 ___SH C:\boot.ini
2014-01-04 06:19 - 2005-08-16 03:18 - 00000602 _____ C:\WINDOWS\win.ini
2014-01-04 06:19 - 2005-08-16 03:18 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-04 05:53 - 2009-08-20 12:16 - 00000000 ____D C:\WINDOWS\pss
2014-01-03 16:14 - 2007-06-07 19:43 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Misc
2014-01-03 11:55 - 2012-01-22 04:18 - 00284373 _____ C:\WINDOWS\setupapi.log
2014-01-03 07:45 - 2005-08-16 03:22 - 00000000 ____D C:\WINDOWS\Resources
2014-01-03 06:08 - 2014-01-03 06:08 - 00000650 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Malwarebytes
2014-01-03 06:08 - 2014-01-03 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-03 01:07 - 2005-08-16 03:49 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-02 20:15 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files\ESET
2014-01-02 19:03 - 2014-01-02 18:33 - 00020425 _____ C:\ComboFix1.txt
2014-01-02 18:33 - 2014-01-02 18:09 - 00000000 ____D C:\Qoobox
2014-01-02 18:30 - 2014-01-02 18:08 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00008192 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-02 18:21 - 2014-01-02 18:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-02 18:21 - 2013-06-07 09:08 - 41943040 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2014-01-02 18:21 - 2007-05-16 14:19 - 14417920 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 01048576 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-02 18:21 - 2005-08-15 22:27 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-02 18:19 - 2007-06-02 11:31 - 00000000 ____D C:\Documents and Settings\Wraithchilde
2014-01-02 18:01 - 2010-08-07 22:06 - 00011958 _____ C:\Documents and Settings\Wraithchilde\My Documents\hijackthis.log
2014-01-02 17:12 - 2005-08-16 03:18 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-02 15:00 - 2009-11-19 21:37 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\vlc
2014-01-02 12:44 - 2014-01-02 12:44 - 00028672 _____ C:\WINDOWS\system32\gwbxgwx.ner
2014-01-02 12:44 - 2014-01-02 12:31 - 00000102 _____ C:\WINDOWS\system32\ryer.xah
2014-01-02 12:31 - 2014-01-02 12:31 - 00000064 _____ C:\WINDOWS\system32\pecdt.jfe
2014-01-02 06:45 - 2014-01-01 15:22 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2014-01-01 07:12 - 2005-08-16 03:22 - 00000000 ____D C:\WINDOWS\repair
2013-12-30 11:26 - 2007-06-03 04:00 - 00000000 ____D C:\Documents and Settings\Wraithchilde\Application Data\Adobe
2013-12-28 15:11 - 2013-12-28 15:11 - 00101213 ____S C:\WINDOWS\system32\pydray.bma
2013-12-28 07:36 - 2013-12-28 07:36 - 00000853 ____N C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
2013-12-27 15:48 - 2013-08-26 17:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-23 12:26 - 2008-03-16 17:34 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-20 06:42 - 2007-07-17 14:38 - 00000230 _____ C:\WINDOWS\CTWave32.ini
2013-12-20 06:37 - 2007-07-17 14:20 - 00000072 _____ C:\WINDOWS\sbwin.ini
2013-12-18 18:22 - 2005-08-16 03:33 - 00574102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-13 13:30 - 2007-06-03 07:21 - 00000000 ____D C:\Documents and Settings\Wraithchilde\My Documents\Projects
Files to move or delete:
====================
C:\Documents and Settings\Wraithchilde\random.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2005-08-16 03:18] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) 53685605a29b5ad32463b903ed7bb136
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Wraithchilde at 2014-01-05 13:14:25
Running from C:\Documents and Settings\Wraithchilde\Desktop
Boot Mode: Normal
================== Search: "rpcss.dll" ===================
C:\WINDOWS\system32\rpcss.dll
[2005-08-16 03:18] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) 53685605a29b5ad32463b903ed7bb136
C:\WINDOWS\system32\dllcache\rpcss.dll
[2005-08-16 03:18] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) a58eae6c65b8a66e6cd49ed1308050bf
C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009-05-01 21:55] - [2008-04-13 18:12] - 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509
C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-05-02 02:01] - [2008-04-13 18:12] - 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509
C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2007-06-04 02:01] - [2005-04-28 13:31] - 0395776 ____C (Microsoft Corporation) c8061f289e000703e7672916b7fe1571
C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2007-06-04 02:00] - [2004-08-10 04:00] - 0395776 ____C (Microsoft Corporation) 5c83a4408604f737717ab96371201680
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2009-05-01 21:59] - [2005-07-25 22:39] - 0397824 ____C (Microsoft Corporation) ce94a2bd25e3e9f4d46a7373ff455c6d
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-05-02 00:31] - [2009-02-09 04:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005-07-25 22:20] - [2005-07-25 22:20] - 0398336 ____A (Microsoft Corporation) c369df215d352b6f3a0b8c3469aa34f8
C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[2005-04-28 13:35] - [2005-04-28 13:35] - 0396288 ____A (Microsoft Corporation) da383fb39a6f1c445f3afc94b3eb1248
C:\i386\rpcss.dll
[2007-06-04 14:51] - [2005-07-25 22:39] - 0397824 ____A (Microsoft Corporation) ce94a2bd25e3e9f4d46a7373ff455c6d
=== End Of Search ===
-
I can usually remove problems with a combination of tools but this one has me stumped. I think I should ask for some assistance.
On Jan 2, I got the message "DCOM Server Process Launcher Service terminated unexpectedly" and the PC rebooted. Since then I have set the action to restart the service instead of reboot so I could complete scans, etc. PC performance is very slow now. Takes forever to reboot.
I have done full scans with McAfee, Microsoft Security Essentials, ESET online scanner, Spybot S&D: all came up clean.
I did a full scan with Malwarebytes: It deleted some registry entries that I believe were old. Since then the scans are clean.
I keep getting a blocked website message (outgoing, 66.45.56.109) even when no programs are running.
DDS logs. The Attach.txt was kind of big so I attached it.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Wraithchilde at 11:14:49 on 2014-01-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2671 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
E:\Program Files\MalwarebytesAnti-Malware\mbamscheduler.exe
E:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
E:\Program Files\MalwarebytesAnti-Malware\mbamgui.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>;*.local
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [updReg] c:\windows\UpdReg.EXE
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{57B888B6-65B4-428C-A4E9-B64B0F66E308} : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest wsauth
.
============= SERVICES / DRIVERS ===============
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-21 239168]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2013-4-3 91736]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-1-28 67584]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R2 MBAMScheduler;MBAMScheduler;e:\program files\malwarebytesanti-malware\mbamscheduler.exe [2014-1-3 418376]
R2 MBAMService;MBAMService;e:\program files\malwarebytesanti-malware\mbamservice.exe [2014-1-3 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-8-26 103112]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-8-26 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-8-26 281560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-4-3 236000]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-8-26 643608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-8-26 169320]
R2 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 572528]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-8-26 172416]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;c:\program files\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 wsnm;VMware View Client;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2011-9-7 494192]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-4-3 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-3 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-4-3 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-2-18 319808]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-8-26 85064]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-27 1374464]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [2012-6-25 40048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DAZContentManagementService;DAZ Content Management Service;e:\program files\daz 3d\content management service\ContentManagementServer.exe [2012-3-10 18432]
S2 vmhnavixan;vmhnavixan;\??\c:\windows\system32\drivers\mmdzrgupcuxacl.sys --> c:\windows\system32\drivers\mmdzrgupcuxacl.sys [?]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe [2011-9-7 797296]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-4-9 13232]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-19 147912]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-4-3 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-2-18 80752]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-8-26 85064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]
.
=============== File Associations ===============
.
ShellExec: DAZStudio.exe: open="e:\program files\daz 3d\DAZStudio4/DAZStudio.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-05 14:20:54 -------- d-----w- c:\documents and settings\wraithchilde\local settings\application data\Sun
2014-01-05 14:10:06 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-05 14:09:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 12:10:21 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65de4406-9ff0-4c7b-8dac-eabd97619033}\mpengine.dll
2014-01-03 12:08:41 -------- d-----w- c:\documents and settings\wraithchilde\application data\Malwarebytes
2014-01-03 12:08:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-01-03 12:08:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-03 02:15:41 -------- d-----w- c:\program files\ESET
2014-01-03 00:11:18 98816 ----a-w- c:\windows\sed.exe
2014-01-03 00:11:18 256000 ----a-w- c:\windows\PEV.exe
2014-01-03 00:11:18 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2014-01-05 16:26:12 1098252 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-01-05 16:26:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-01-05 14:35:25 1098252 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-11-27 04:06:42 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 04:06:22 80752 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 04:06:00 319808 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 23:22:36 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 23:16:54 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 23:16:14 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-11-04 23:12:26 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 23:11:04 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2013-11-04 23:10:42 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 23:10:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 23:09:20 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 23:08:22 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:17:23.07 ===============
-
This message comes in a balloon showing the IP address. There is no other info and these events are not logged. Is it possible to show or log these events including what process (or whatever) attempted this connection? I believe this may be helpful in finding undetected malware.
I'm getting quite a few of these messages when no programs are running (only background processes are running) so I have to suspect there is an issue that wasn't found.
Help with undetected problem, please
in Resolved Malware Removal Logs
STEP 1 RogueKiller
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Wraithchilde [Admin rights]
Mode : Scan -- Date : 01/06/2014 19:43:26
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320620AS +++++
--- User ---
[MBR] d3ad061161be7bb8170b6b511eda71ee
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 300442 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 615401955 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31500341AS +++++
--- User ---
[MBR] 164bf18ef624175da2f198bf9765a4e2
[BSP] 84bed909411e513407b4f1e9ef90eb3b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_01062014_194326.txt >>
STEP 2 TDSSKiller
I ran this prior to asking for help here, so I know this is clean.
STEP 3 Malwarebytes Anti-Rootkit
I currently have no way to backup my HDD including boot sector, so I don't feel comfortable using this tool.
STEP 4 HitmanPro
STEP 5 Security Check by screen317
Results of screen317's Security Check version 0.99.78
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
McAfee Anti-Virus and Anti-Spyware
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
Java 7 Update 45
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Security Client Antimalware MsMpEng.exe
MalwarebytesAnti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
I'm pretty confident the PC is clean now, thanks to you.