poppy2

Everything posted by poppy2

  1. Thanks very much for the help!! I really appreciate it! Thanks for doing it so quickly too!!

  2. ok here it is, thanks.....

     Results of screen317's Security Check version 0.99.81
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Please wait while WMIC compiles updated MOF files.d i s p l a y N a m e
     ECHO is off.
     a v a s t !
     ECHO is off.
     A n t i v i r u s
     ECHO is off.
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 4.4
     Spybot - Search & Destroy
     SUPERAntiSpyware Free Edition
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 51
     Adobe Flash Player 12.0.0.77
     Adobe Reader 10.1.9 Adobe Reader out of Date!
     Mozilla Firefox (28.0)
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 6%
     ````````````````````End of Log``````````````````````
  3. ok, thanks. After I let Avast do the scan before Windows opened and found all those things from my last post I tried the browser and it seemed ok. I have done all the things from your last post just in case. Here is the Farbar log: Thanks, MrC!

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
     Ran by Compaq_Administrator at 2014-04-11 14:01:39 Run:1
     Running from C:\Documents and Settings\Compaq_Administrator\Desktop\frst
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe:BDU
     AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe:BDU
     AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe:BDU
     AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe:BDU
     AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe:BDU
     HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
     Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
     *****************
     C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe => ":BDU" ADS removed successfully.
     C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe => ":BDU" ADS removed successfully.
     "C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe" => ":BDU" ADS not found.
     C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe => ":BDU" ADS removed successfully.
     C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe => ":BDU" ADS removed successfully.
     HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RunNarrator => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
     HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
     ==== End of Fixlog ====
  4. I'm using firefox browser. Here are the FRST results: Thanks! Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Compaq_Administrator at 2014-04-11 08:50:55 Running from C:\Documents and Settings\Compaq_Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.) Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - ) Amazon Kindle For PC v1.1 (HKLM\...\Amazon Kindle For PC) (Version: - ) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5166 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.17-050813a1-025991C-HP - ) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software) Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.) 
c4200_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version: - ) Compaq Game Console and games (HKLM\...\Compaq Game Console) (Version: - WildTangent) Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version: - ) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Control Center for KODAK Webcams (HKLM\...\Control Center for KODAK Webcams) (Version: - ) CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation) cp_LightScribeConfig (Version: 53.0.24.000 - Hewlett-Packard) Hidden cp_LightScribePlugin (Version: 53.0.24.000 - Hewlett-Packard) Hidden CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation) Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION) EpsonNet Setup 3.3 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION) ffdshow [rev 2527] [2008-12-19] 
(HKLM\...\ffdshow_is1) (Version: 1.0 - ) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation) HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version: - ) InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.) iTunes (HKLM\...\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}) (Version: 9.1.1.12 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden LightScribe 1.4.52.1 (Version: 1.4.52.1 - Integrator) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error 
Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Flight Simulator 98 (HKLM\...\Flight Simulator 98) (Version: - ) Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden Microsoft Midtown Madness 2 (HKLM\...\Midtown Madness 2.0) (Version: - ) Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft) Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden Microsoft Office 2000 Standard (HKLM\...\{00020409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation) Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version: - ) Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Myst III: Exile (HKLM\...\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}) (Version: - ) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PS_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden PS2 (HKLM\...\PS2) (Version: - ) QuickBooks Pro 2006 (HKLM\...\{69B02159-7622-4DBB-B9EE-F933039830AD}) (Version: - ) Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.1.29 - Intuit) SCRABBLE from Compaq (remove only) (HKLM\...\FA6A73EB-40AB-4B58-851D-3892B3C10EF6) (Version: - WildTangent) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions) Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions) Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions) Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions) Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions) Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) SpywareBlaster 4.4 (HKLM\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC) Street Atlas USA 5.0 (HKLM\...\Street Atlas USA 5.0) (Version: - ) SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.25.0.1012 - SUPERAntiSpyware.com) TaxACT 2007 (HKLM\...\TaxACT 2007) (Version: - 2nd Story Software, Inc.) TaxACT 2008 (HKLM\...\TaxACT 2008) (Version: - 2nd Story Software, Inc.) TaxACT 2008 New Jersey (HKLM\...\TaxACT 2008 New Jersey) (Version: - 2nd Story Software, Inc.) TaxACT 2009 (HKLM\...\TaxACT 2009) (Version: - 2nd Story Software, Inc.) TaxACT 2009 New Jersey (HKLM\...\TaxACT 2009 New Jersey) (Version: - 2nd Story Software, Inc.) TaxACT 2010 (HKLM\...\TaxACT 2010) (Version: - 2nd Story Software, Inc.) TaxACT 2010 New Jersey (HKLM\...\TaxACT 2010 New Jersey) (Version: - 2nd Story Software, Inc.) TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version: - 2nd Story Software, Inc.) TaxACT 2011 New Jersey (HKLM\...\TaxACT 2011 New Jersey) (Version: - 2nd Story Software, Inc.) TaxACT 2012 - 1040 Edition (HKLM\...\TaxACT 2012 - 1040 Edition) (Version: - 2nd Story Software, Inc.) 
TaxACT 2012 New Jersey (HKLM\...\TaxACT 2012 New Jersey) (Version: - 2nd Story Software, Inc.) TaxACT New Jersey 2007 (HKLM\...\TaxACT New Jersey 2007) (Version: - 2nd Story Software, Inc.) The Sims Makin' Magic (HKLM\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version: - ) TurboTax Basic 2005 (HKLM\...\TurboTax Basic 2005) (Version: - ) TurboTax Basic 2006 (HKLM\...\TurboTax Basic 2006) (Version: - ) TurboTax ItsDeductible 2005 (HKLM\...\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}) (Version: 9.05.0000 - Intuit) TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Media Player 10 (KB910393) (Version: - Microsoft Corporation) Hidden Update for Windows Media Player 10 (KB913800) (Version: - Microsoft Corporation) Hidden Update for Windows Media Player 10 (KB926251) (Version: - Microsoft Corporation) Hidden Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676) (HKLM\...\KB2616676) 
(Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WexTech AnswerWorks 
(HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - ) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinZip Self-Extractor (HKLM\...\WinZip Self-Extractor) (Version: - WinZip Computing, S.L.) 
==================== Restore Points ========================= 11-01-2014 17:02:38 Software Distribution Service 3.0 12-01-2014 17:15:18 Software Distribution Service 3.0 14-01-2014 01:09:21 Software Distribution Service 3.0 14-01-2014 18:14:11 Software Distribution Service 3.0 15-01-2014 02:54:32 Software Distribution Service 3.0 16-01-2014 01:00:20 Software Distribution Service 3.0 17-01-2014 00:55:22 Software Distribution Service 3.0 18-01-2014 15:47:10 Software Distribution Service 3.0 19-01-2014 17:28:00 Software Distribution Service 3.0 20-01-2014 22:50:10 Software Distribution Service 3.0 21-01-2014 23:17:53 Software Distribution Service 3.0 22-01-2014 23:38:20 Software Distribution Service 3.0 24-01-2014 00:53:55 Software Distribution Service 3.0 25-01-2014 18:42:27 Software Distribution Service 3.0 27-01-2014 03:06:11 Software Distribution Service 3.0 28-01-2014 22:38:49 Software Distribution Service 3.0 29-01-2014 22:40:34 System Checkpoint 30-01-2014 21:22:28 Software Distribution Service 3.0 31-01-2014 21:30:16 Software Distribution Service 3.0 02-02-2014 17:49:44 Software Distribution Service 3.0 03-02-2014 21:13:26 Software Distribution Service 3.0 04-02-2014 23:18:38 Software Distribution Service 3.0 05-02-2014 23:51:15 System Checkpoint 06-02-2014 13:26:04 Software Distribution Service 3.0 07-02-2014 23:29:59 Software Distribution Service 3.0 09-02-2014 00:25:46 Software Distribution Service 3.0 10-02-2014 22:04:28 Software Distribution Service 3.0 11-02-2014 23:12:54 System Checkpoint 12-02-2014 00:47:25 Software Distribution Service 3.0 12-02-2014 01:00:19 Software Distribution Service 3.0 13-02-2014 19:34:00 Software Distribution Service 3.0 15-02-2014 22:32:41 Software Distribution Service 3.0 17-02-2014 21:33:57 Software Distribution Service 3.0 18-02-2014 00:25:55 Software Distribution Service 3.0 19-02-2014 00:43:38 System Checkpoint 19-02-2014 03:39:37 Software Distribution Service 3.0 20-02-2014 22:44:10 Software Distribution Service 3.0 
22-02-2014 19:08:30 Software Distribution Service 3.0 23-02-2014 19:29:12 System Checkpoint 24-02-2014 21:12:14 Software Distribution Service 3.0 24-02-2014 23:54:12 Software Distribution Service 3.0 26-02-2014 03:39:34 Software Distribution Service 3.0 27-02-2014 21:29:14 Software Distribution Service 3.0 28-02-2014 21:31:32 System Checkpoint 01-03-2014 12:58:41 Software Distribution Service 3.0 02-03-2014 16:15:41 Software Distribution Service 3.0 04-03-2014 00:26:29 Software Distribution Service 3.0 05-03-2014 00:49:08 System Checkpoint 05-03-2014 01:37:17 Software Distribution Service 3.0 06-03-2014 01:58:06 System Checkpoint 06-03-2014 03:37:11 Software Distribution Service 3.0 06-03-2014 13:02:59 Installed Java 7 Update 51 07-03-2014 12:21:46 Software Distribution Service 3.0 09-03-2014 18:08:28 Software Distribution Service 3.0 10-03-2014 23:42:34 Software Distribution Service 3.0 14-03-2014 00:14:56 Software Distribution Service 3.0 15-03-2014 13:09:02 Software Distribution Service 3.0 15-03-2014 13:28:26 Software Distribution Service 3.0 16-03-2014 15:54:21 Software Distribution Service 3.0 20-03-2014 18:57:00 Software Distribution Service 3.0 21-03-2014 00:01:34 Software Distribution Service 3.0 21-03-2014 21:59:52 Software Distribution Service 3.0 22-03-2014 02:41:05 Software Distribution Service 3.0 23-03-2014 01:25:06 Software Distribution Service 3.0 24-03-2014 20:36:05 Software Distribution Service 3.0 29-03-2014 00:52:07 System Checkpoint 30-03-2014 14:48:23 Software Distribution Service 3.0 31-03-2014 22:44:04 Software Distribution Service 3.0 02-04-2014 12:21:01 Software Distribution Service 3.0 03-04-2014 00:00:53 Software Distribution Service 3.0 04-04-2014 22:00:20 Software Distribution Service 3.0 05-04-2014 23:47:27 Software Distribution Service 3.0 06-04-2014 17:27:07 Installed Windows XP Wdf01009. 
06-04-2014 22:52:10 Removed Google+ Auto Backup 07-04-2014 23:50:35 System Checkpoint 09-04-2014 00:06:28 System Checkpoint 09-04-2014 03:38:14 malware directions 09-04-2014 16:40:15 diagnostics 09-04-2014 23:25:25 Software Distribution Service 3.0 10-04-2014 23:37:52 System Checkpoint 11-04-2014 01:57:14 avast! antivirus system restore point 11-04-2014 12:15:00 Removed QuickTime ==================== Hosts content: ========================== 2014-04-09 14:03 - 2014-04-09 14:14 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-11 04:47 - 2014-04-11 04:47 - 02209792 _____ () C:\Program Files\AVAST Software\Avast\defs\14041100\algo.dll 2004-08-10 08:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll 2004-08-10 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2004-08-10 08:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-10 08:00 - 2008-04-14 05:42 - 00014336 
_____ () C:\WINDOWS\system32\msdmo.dll 2014-04-10 21:58 - 2014-04-10 21:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2005-08-03 03:19 - 2005-08-03 03:19 - 00050176 _____ () C:\WINDOWS\armcex.dll 2014-03-28 21:48 - 2014-03-28 21:48 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe:BDU AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe:BDU AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe:BDU AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe:BDU AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe:BDU ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08168067.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64325346.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08168067.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64325346.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 129093 Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 129093 Error: (04/10/2014 09:35:38 AM) (Source: Bonjour 
Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 28811078 Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 28811078 Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 28622375 Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 28622375 Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/10/2014 07:42:08 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 28608125 System errors: ============= Error: (04/11/2014 08:42:29 AM) (Source: Service Control Manager) (User: ) Description: The ARSVC service terminated unexpectedly. It has done this 1 time(s). Error: (04/10/2014 09:52:46 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 Error: (04/10/2014 09:52:45 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (04/10/2014 09:46:34 PM) (Source: Service Control Manager) (User: ) Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 

Error: (04/10/2014 09:43:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error: (04/10/2014 07:16:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: fasttx2k IntelIde ViaIde

Error: (04/10/2014 10:21:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: fasttx2k IntelIde ViaIde

Error: (04/10/2014 08:37:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: fasttx2k IntelIde ViaIde

Error: (04/10/2014 08:37:51 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: %%3

Error: (04/09/2014 07:39:52 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: %%3

Microsoft Office Sessions:
=========================
Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28608125

==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 958.48 MB
Available physical RAM: 289.7 MB
Total Pagefile: 2311.91 MB
Available Pagefile: 1683.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.59 MB

==================== Drives ================================
Drive c: (PRESARIO) (Fixed) (Total:178.3 GB) (Free:52.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8 GB) (Free:1 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive e: (MIDTOWN2) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 186 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
Partition 2: (Active) - (Size=178 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Compaq_Administrator (administrator) on BETSY on 11-04-2014 08:49:42
Running from C:\Documents and Settings\Compaq_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-10] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-10] (Google Inc.)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Policies\system: [DisableClock] 0
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-10]

========================== Services (Whitelisted) =================
S2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-10] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644928 2005-08-29] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
S3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-04-10] ()
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175616 2005-04-15] (Promise Technology, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2006-12-06] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-12-06] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-12-06] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-25] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-07-26] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [11616 2000-08-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 TDPIPE; No ImagePath

==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
2014-03-15 09:12 - 2014-03-15 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-15 09:07 - 2010-06-03 08:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 20:22 - 2010-10-08 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-03-12 06:48 - 2009-03-21 10:06 - 00993280 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll 2014-03-12 06:48 - 2004-08-10 08:00 - 00993280 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll Some content of TEMP: ==================== C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\System.Data.SQLite.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  5. Browser was still getting hung up, so I changed antivirus from Bitdefender to Avast, thinking that since Bitdefender was a new program I had just installed a few days ago, maybe it was causing problems. Avast did an initial scan and found something, then recommended some type of scan before Windows opened up. I followed through on that and it found: HTML:Object-inf win32:Dropper-gen (Drp) HTML: Bankfraud A (Trj) Win32 Somoto-Nm (pup) MBR:Alureon-B (Rtk) Win32:Alureon-MJ@mbr (Rtk) Win, Win64:Alureon-B@mber (Rtk) Java:CVE-2012 (Expl) I tried using the browser again after this and it did not get hung up, so hopefully it found the problem there. With all this stuff I'm thinking there still may be other problems though. Any other suggestions? Thanks!!!
  6. Ok, thanks MrC. While running the AdwCleaner scan, Bitdefender (my virus protection program that was running in the background) found & quarantined 2 files - trojan.generic 6524559 and trojan generic7655897. Another log that was posted in Bitdefender today had rootkit.tdss.bk twice. These were quarantined also. Could rootkit.tdss just be the tdsskiller program that I ran? Anyway, here are the logs: # AdwCleaner v3.023 - Report created 10/04/2014 at 09:41:17 # Updated 01/04/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Compaq_Administrator - BETSY # Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : CltMngSvc ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Deleted : C:\Program Files\registry mechanic Folder Deleted : C:\Program Files\SearchProtect Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SearchProtect Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\searchplugins\conduit-search.xml File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : 
HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 
Management\ARPCache\PlaySushi ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search"); Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search"); Line Deleted : user_pref("playsushi.position.button", true); -\\ Google Chrome v34.0.1847.116 [ File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url ************************* AdwCleaner[R0].txt - [5296 octets] - [10/04/2014 08:44:54] AdwCleaner[s0].txt - [4646 octets] - [10/04/2014 09:41:17] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4706 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.10.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Compaq_Administrator :: BETSY [administrator] 4/10/2014 9:54:11 AM MBAM-log-2014-04-10 (10-16-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM Scan options disabled: Heuristics/Shuriken | P2P Objects scanned: 264039 Time elapsed: 17 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\setup_ic.exe (PUP.Optional.Bundlore) -> No action taken. (end)
  7. Thanks. There were 2 logs from TDSSKiller. I have attached the scans because they were too long to paste and I got an error message when I tried to do that. log.txt TDSSKiller.3.0.0.30_09.04.2014_12.47.35_log.txt TDSSKiller.3.0.0.30_09.04.2014_12.43.10_log.txt
  8. Thanks, Mr. Charlie, Here are the reports: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.08.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Compaq_Administrator :: BETSY [administrator] 4/8/2014 10:55:06 PM mbam-log-2014-04-08 (22-55-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM Scan options disabled: Heuristics/Shuriken | P2P Objects scanned: 261871 Time elapsed: 15 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Compaq_Administrator [Admin rights] Mode : Scan -- Date : 04/08/2014 23:23:41 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [WALLPAPER][PUM] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Compaq_Administrator\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-001b.bmp) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 1 ¤¤¤ [FF][PUP] lnz31fjj.default : Yahoo Toolbar ¤¤¤ Particular Files / 
Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : PUP ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6L200M0 +++++ --- User --- [MBR] 397b623dbac3e08eb39e69b8f21d1d9d [bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 MB 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 182574 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB SM Reader USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) Finished : << RKreport[0]_S_04082014_232341.txt >>
  9. Forgot to mention I had recently installed Bitdefender Free Edition since Windows XP is no longer being updated. I had Microsoft Security Essentials. I am thinking of switching to Avast to see if the browser hangups are being caused by Bitdefender. That is the only thing that is new on the computer. Thanks.
  10. Hi, I found trojan.dropper/svchost-fake when doing a scan with SUPERAntiSpyware Free Edition. I removed it but I would like to make sure it is gone. I ran Farbar recovery scanner and the results are attached. I tried to paste the results and send it but my browser got hung up. My browser has been getting hung up after a few minutes all the time now when I try to go to another page or click on a link. The computer has been running extremely slow and everything I do takes forever. Thanks!! FRST.txt Addition.txt
  11. Thanks, again! I will try to follow all your suggestions. Poppy2
  12. Got Adobe Reader taken care of. Computer seems to be working fine. Any other suggestions? This computer seems to get viruses a lot. I really appreciate your help, Kenny94.
  13. ok here is the log,thanks: Avira AntiVir Personal Report file date: Saturday, June 11, 2011 22:59 Scanning for 2752344 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : Compaq_Administrator Computer name : BETSY Version information: BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00 AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 21:07:43 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 21:07:57 LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 21:07:53 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:15:47 VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:15:47 VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 02:48:23 VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 02:48:42 VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 02:48:42 VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 02:48:42 VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 02:48:42 VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 02:48:42 VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 02:48:43 VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 02:48:43 VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 02:48:43 VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 02:48:43 VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 02:48:44 VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 02:48:45 VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 02:48:47 VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 02:48:48 VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 02:48:49 VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 02:48:50 VBASE019.VDF : 7.11.9.144 2048 Bytes 6/10/2011 02:48:50 VBASE020.VDF : 7.11.9.145 2048 Bytes 6/10/2011 02:48:50 VBASE021.VDF : 7.11.9.146 2048 
Bytes 6/10/2011 02:48:50 VBASE022.VDF : 7.11.9.147 2048 Bytes 6/10/2011 02:48:51 VBASE023.VDF : 7.11.9.148 2048 Bytes 6/10/2011 02:48:51 VBASE024.VDF : 7.11.9.149 2048 Bytes 6/10/2011 02:48:51 VBASE025.VDF : 7.11.9.150 2048 Bytes 6/10/2011 02:48:51 VBASE026.VDF : 7.11.9.151 2048 Bytes 6/10/2011 02:48:51 VBASE027.VDF : 7.11.9.152 2048 Bytes 6/10/2011 02:48:51 VBASE028.VDF : 7.11.9.153 2048 Bytes 6/10/2011 02:48:51 VBASE029.VDF : 7.11.9.154 2048 Bytes 6/10/2011 02:48:52 VBASE030.VDF : 7.11.9.155 2048 Bytes 6/10/2011 02:48:52 VBASE031.VDF : 7.11.9.159 8704 Bytes 6/11/2011 02:48:52 Engineversion : 8.2.5.14 AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 20:15:27 AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/12/2011 02:49:17 AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 20:15:27 AESBX.DLL : 8.2.1.34 323957 Bytes 6/12/2011 02:49:18 AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 16:21:38 AEPACK.DLL : 8.2.6.8 557430 Bytes 6/12/2011 02:49:14 AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/12/2011 02:49:11 AEHEUR.DLL : 8.1.2.125 3543415 Bytes 6/12/2011 02:49:10 AEHELP.DLL : 8.1.17.2 246135 Bytes 6/12/2011 02:48:58 AEGEN.DLL : 8.1.5.6 401780 Bytes 6/12/2011 02:48:57 AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 20:15:19 AECORE.DLL : 8.1.21.1 196983 Bytes 6/12/2011 02:48:55 AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 20:15:19 AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 20:15:31 AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 21:07:42 AVREP.DLL : 10.0.0.10 174120 Bytes 6/12/2011 02:49:20 AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 21:07:42 AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 21:07:43 AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 21:07:38 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 21:07:41 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 20:15:30 NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 20:15:39 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 21:07:58 RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 20:15:52 Configuration settings for the scan: 
Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Saturday, June 11, 2011 22:59 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. 
The scan of running processes will be started Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '69' Module(s) have been scanned Scan process 'avconfig.exe' - '79' Module(s) have been scanned Scan process 'avcenter.exe' - '103' Module(s) have been scanned Scan process 'avgnt.exe' - '58' Module(s) have been scanned Scan process 'sched.exe' - '46' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'avguard.exe' - '56' Module(s) have been scanned Scan process 'iexplore.exe' - '121' Module(s) have been scanned Scan process 'iexplore.exe' - '71' Module(s) have been scanned Scan process 'ehmsas.exe' - '22' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'TomTomHOMERunner.exe' - '26' Module(s) have been scanned Scan process 'FUFAXSTM.exe' - '65' Module(s) have been scanned Scan process 'EEventManager.exe' - '56' Module(s) have been scanned Scan process 'qttask.exe' - '19' Module(s) have been scanned Scan process 'ARPWRMSG.EXE' - '14' Module(s) have been scanned Scan process 'ehtray.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'Explorer.EXE' - '94' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '20' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'dllhost.exe' - '61' Module(s) have been scanned Scan process 'WLIDSvcM.exe' - '15' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '29' Module(s) have been scanned Scan process 'WLIDSVC.EXE' - '55' Module(s) have been scanned Scan process 'TomTomHOMEService.exe' - '9' Module(s) have been scanned Scan process 'svchost.exe' - '43' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 
'SeaPort.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'MDM.EXE' - '22' Module(s) have been scanned Scan process 'LSSrvc.exe' - '16' Module(s) have been scanned Scan process 'E_S50ST7.EXE' - '16' Module(s) have been scanned Scan process 'ehSched.exe' - '21' Module(s) have been scanned Scan process 'ehRecvr.exe' - '43' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned Scan process 'arservice.exe' - '24' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned Scan process 'eEBSVC.exe' - '23' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'spoolsv.exe' - '62' Module(s) have been scanned Scan process 'svchost.exe' - '36' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'svchost.exe' - '166' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '52' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '36' Module(s) have been scanned Scan process 'winlogon.exe' - '82' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! Master boot sector HD5 [iNFO] No virus was found! 
Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '1060' files ). Starting the file scan: Begin scan in 'C:\' <PRESARIO> Begin scan in 'D:\' <PRESARIO_RP> End of the scan: Sunday, June 12, 2011 00:38 Used time: 1:39:15 Hour(s) The scan has been done completely. 14477 Scanned directories 532917 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 532917 Files not concerned 16260 Archives were scanned 0 Warnings 1 Notes 619571 Objects were scanned with rootkit scan 1 Hidden objects were found
  14. Thanks, Kenny94, that worked. Here is the log: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6832 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/10/2011 10:05:05 PM mbam-log-2011-06-10 (22-05-05).txt Scan type: Quick scan Objects scanned: 170434 Time elapsed: 5 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  15. When I try to update Malwarebytes it looks like it's updating but it keeps loading over and over and never finishes. Then I got a popup with an error code that says PROGRAM_ERROR_UPDATING (5,0, Create File) Access is denied. I did a manual update and here is the log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6516 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/9/2011 10:14:46 PM mbam-log-2011-06-09 (22-14-46).txt Scan type: Quick scan Objects scanned: 164484 Time elapsed: 5 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  16. here is the combofix log, thanks: . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk . . ((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 ))))))))))))))))))))))))))))))) . . 2011-06-09 04:05 . 2011-06-09 04:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG10 2011-06-09 03:37 . 2011-06-09 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ---ha-w- c:\windows\system32\GPhotos.scr . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91917DC6-93B9-4E62-B2D6-D39C9618C418}] 2010-04-12 14:34 630272 ---ha-w- c:\program files\Shop to Win 4\ShoppingBHO.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-25 05:07 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\WildTangent\\Apps\\Compaq Game Console\\GameConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 67656]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [1/3/2011 12:02 AM 153600]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 8:29 AM 92008]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 00:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-06-09 00:30:00
ComboFix-quarantined-files.txt 2011-06-09 04:29
.
Pre-Run: 90,197,950,464 bytes free
Post-Run: 90,294,259,712 bytes free
.
- - End Of File - - E9CE23BEC2DC2EFD12FBAB8AD75FB469
  17. Nothing was found. Here is the log, thanks:
  18. Hi Kenny, thanks for your help. Here is the aswMBR file:
      aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
      Run date: 2011-06-08 22:38:50
      -----------------------------
      22:38:50.937 OS Version: Windows 5.1.2600 Service Pack 3
      22:38:50.937 Number of processors: 1 586 0x2F02
      22:38:50.937 ComputerName: BETSY UserName:
      22:38:51.734 Initialize success
      22:38:53.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
      22:38:53.890 Disk 0 Vendor: Maxtor_6L200M0 BACE1G10 Size: 190782MB BusType: 3
      22:38:55.921 Disk 0 MBR read successfully
      22:38:55.921 Disk 0 MBR scan
      22:38:55.921 Disk 0 unknown MBR code
      22:38:57.921 Disk 0 scanning sectors +390716865
      22:38:57.953 Disk 0 scanning C:\WINDOWS\system32\drivers
      22:39:05.640 Service scanning
      22:39:06.765 Disk 0 trace - called modules:
      22:39:06.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      22:39:06.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86310ab8]
      22:39:06.781 3 CLASSPNP.SYS[f76b0fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8638da98]
      22:39:06.781 5 ACPI.sys[f7547620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637e940]
      22:39:06.781 Scan finished successfully
      22:39:50.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
      22:39:50.125 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"
  19. Hi, I have had fake pop ups etc. and ran mbam (not updated version since update would not work) which found trojan.fakems and trojan.agent.gd. Under the start menu - all programs - there are no programs and on the desktop all icons disappeared. The favorites in Internet Explorer are all gone also. I tried to run different versions of rkill and it would always say access denied. I managed to manually update mbam and ran it again and it found one of the versions of rkill but nothing else. I can't retrieve the latest mbam log because the program won't start. I have attached the logs from mbam, dds and gmer. Sorry I can't figure out how to zip them since the program seems to be missing. The fake pop ups have stopped since mbam removed the trojans but my computer is still a mess and I can't update anything. Thanks for any help you can give me!
      dds.txt ark.txt Attach.txt mbam-log-2011-06-06 (06-41-12).txt