stonedlabradour Posted March 22, 2012 ID:536675 Share Posted March 22, 2012 Hi,Once again I'm getting the messages from antimalwarebytes blocking outgoing ip addresses.Can you please help meDDs.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by john gary at 0:04:40 on 2012-03-22Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.1790.1059 [GMT 0:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Uniblue\DriverScanner\dsmonitor.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Hotkey 1.0.4\FuncKey.exeC:\WINDOWS\system32\S3trayp.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\S3LoadSv.exeC:\Program Files\BitTorrent\BitTorrent.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\john gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dlluRun: [Google Update] "c:\documents and settings\john gary\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [FuncKey] "c:\program files\hotkey 1.0.4\FuncKey.exe"mRun: [Apoint] c:\program files\apoint2k\Apoint.exemRun: [VTTimer] ;;; VTTimer.exemRun: [s3Trayp] S3trayp.exemRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exeIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabTCP: DhcpNameServer = 89.101.160.4 89.101.160.5TCP: Interfaces\{1BED18EF-E2B0-4B2F-BADF-CA6094999F94} : DhcpNameServer = 89.101.160.4 89.101.160.5.============= SERVICES / DRIVERS ===============.R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2012-3-21 22168]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-4 652360]R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [2012-3-21 69632]R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2012-3-7 33792]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-4 20464]R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2012-3-4 585728]RUnknown MpKslcedcbb55;MpKslcedcbb55; [x].=============== Created Last 30 ================.2012-03-21 22:42:29 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6b7a2b9-d5d7-44cd-ada9-5e3af58691fc}\mpengine.dll2012-03-21 20:00:25 1606368 ----a-w- c:\windows\system32\drivers\athw.sys2012-03-21 19:57:18 69632 ----a-w- c:\windows\system32\s3loadsv.exe2012-03-21 19:57:18 451584 ----a-w- c:\windows\system32\S3iset32.dll2012-03-21 19:57:18 297472 ----a-w- c:\windows\system32\S3minset.exe2012-03-21 19:57:18 2555904 ----a-w- c:\windows\system32\s3ginv.dll2012-03-21 19:57:18 176128 ----a-w- c:\windows\system32\drivers\ucb_32.sys2012-03-21 19:57:17 1769472 ----a-w- c:\windows\system32\VTROM.bin2012-03-21 19:57:17 110592 ----a-w- c:\windows\system32\s3hotplug.dll2012-03-21 19:56:21 319456 ----a-w- c:\windows\system32\difxapi.dll2012-03-21 19:53:30 10264 ----a-w- c:\windows\system32\Viagart.sys2012-03-21 19:53:25 22168 ----a-w- c:\windows\system32\drivers\xfilt.sys2012-03-21 19:53:11 13976 ----a-w- c:\windows\system32\drivers\videX32.sys2012-03-21 19:51:29 -------- d-sh--w- c:\documents and settings\john gary\PrivacIE2012-03-21 19:48:32 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll2012-03-21 19:48:20 -------- d-----w- c:\program files\Synaptics2012-03-21 19:48:08 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll2012-03-21 19:48:07 173352 ----a-w- c:\windows\system32\SynTPAPI.dll2012-03-21 19:48:07 1352368 ----a-w- c:\windows\system32\drivers\SynTP.sys2012-03-21 19:48:07 120104 ----a-w- c:\windows\system32\SynTPCo9.dll2012-03-21 19:48:06 222504 ----a-w- c:\windows\system32\SynCtrl.dll2012-03-21 19:48:05 177448 ----a-w- c:\windows\system32\SynCOM.dll2012-03-21 19:10:40 -------- d-----w- c:\documents and settings\all users\Uniblue2012-03-21 19:10:36 -------- d-----w- c:\documents and settings\john gary\application data\Uniblue2012-03-21 19:10:29 -------- d-----w- c:\program files\Uniblue2012-03-20 21:18:03 -------- d-----w- c:\program files\AC3Filter2012-03-20 21:13:35 -------- d-----w- c:\program files\GPL MPEG Decoder2012-03-18 17:29:12 -------- d-----w- c:\program files\Conduit2012-03-18 17:29:10 -------- d-----w- c:\documents and settings\john gary\local settings\application data\BitTorrentBar2012-03-18 17:29:09 -------- d-----w- c:\documents and settings\john gary\local settings\application data\Temp2012-03-18 17:29:09 -------- d-----w- c:\documents and settings\john gary\local settings\application data\Conduit2012-03-18 17:29:08 -------- d-----w- c:\program files\BitTorrentBar2012-03-18 17:29:00 -------- d-----w- c:\program files\BitTorrent2012-03-18 17:26:59 -------- d-----w- c:\documents and settings\john gary\application data\BitTorrent2012-03-15 23:38:27 -------- d-----w- c:\program files\common files\DivX Shared2012-03-15 23:37:22 -------- d-----w- c:\program files\DivX2012-03-10 13:01:48 -------- d-----w- c:\windows\pss2012-03-09 21:32:52 -------- d-----w- c:\documents and settings\john gary\local settings\application data\Identities2012-03-08 01:53:18 -------- d-sh--w- c:\documents and settings\john gary\IETldCache2012-03-08 01:46:53 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2012-03-08 01:46:21 -------- d-----w- c:\windows\ie8updates2012-03-08 01:46:08 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll2012-03-08 01:46:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2012-03-08 01:46:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2012-03-08 01:46:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2012-03-08 01:46:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2012-03-08 01:46:07 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2012-03-08 01:46:07 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll2012-03-08 01:44:25 -------- dc-h--w- c:\windows\ie82012-03-07 22:08:11 -------- d-----w- c:\documents and settings\john gary\application data\Dropbox2012-03-07 21:31:55 -------- d-----w- c:\documents and settings\john gary\application data\Steinberg2012-03-07 21:28:00 47616 ----a-w- c:\program files\windows media player\msoobci.dll2012-03-07 21:26:19 -------- d-----w- c:\program files\Steinberg2012-03-07 21:21:40 33792 ----a-w- c:\windows\system32\drivers\cledx.sys2012-03-07 21:21:20 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys2012-03-07 21:21:19 45056 ----a-w- c:\windows\system32\Synsopos.exe2012-03-07 21:21:11 147456 ----a-w- c:\windows\system32\SynsoLChk.dll2012-03-07 21:21:10 700416 ----a-w- c:\windows\system32\SYNSOACC.dll2012-03-07 21:21:10 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys2012-03-07 21:21:10 -------- d-----w- c:\program files\Syncrosoft2012-03-07 11:43:22 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2012-03-07 11:41:40 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2012-03-07 11:40:40 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys2012-03-07 11:40:34 105472 -c----w- c:\windows\system32\dllcache\mup.sys2012-03-07 11:34:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2012-03-07 11:30:21 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll2012-03-07 11:30:21 611840 -c----w- c:\windows\system32\dllcache\mstime.dll2012-03-07 11:30:21 105984 -c----w- c:\windows\system32\dllcache\url.dll2012-03-07 11:21:22 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll2012-03-07 11:20:43 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2012-03-07 11:20:39 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll2012-03-07 11:20:39 3072 ------w- c:\windows\system32\iacenc.dll2012-03-07 11:16:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe2012-03-07 11:06:17 -------- d-----w- c:\windows\system32\scripting2012-03-07 11:06:16 -------- d-----w- c:\windows\l2schemas2012-03-07 11:06:15 -------- d-----w- c:\windows\system32\en2012-03-07 11:06:15 -------- d-----w- c:\windows\system32\bits2012-03-07 10:56:27 -------- d-----w- c:\windows\network diagnostic2012-03-06 17:59:21 -------- d-----w- c:\windows\system32\XPSViewer2012-03-06 17:58:48 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll2012-03-06 17:58:33 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2012-03-06 17:58:33 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2012-03-06 17:58:33 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe2012-03-06 17:58:33 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll2012-03-06 17:58:33 575488 ------w- c:\windows\system32\xpsshhdr.dll2012-03-06 17:58:33 117760 ------w- c:\windows\system32\prntvpt.dll2012-03-06 17:58:32 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll2012-03-06 17:58:32 1676288 ------w- c:\windows\system32\xpssvcs.dll2012-03-06 17:58:31 -------- d-----w- C:\9a7801d1daaeef7f9888612012-03-06 17:55:24 -------- d-----w- c:\program files\MSXML 6.02012-03-06 08:09:46 -------- d-----w- c:\windows\ServicePackFiles2012-03-05 22:35:48 -------- d-----w- c:\documents and settings\all users\application data\DivX2012-03-05 19:10:03 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-03-05 17:49:58 73216 ------w- c:\windows\system32\drivers\atintuxx.sys2012-03-05 17:36:20 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2012-03-05 17:36:19 272128 ------w- c:\windows\system32\drivers\bthport.sys2012-03-05 17:35:53 357888 -c----w- c:\windows\system32\dllcache\srv.sys2012-03-05 17:35:36 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2012-03-05 17:35:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2012-03-05 17:33:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2012-03-05 17:32:34 293376 ------w- c:\windows\system32\browserchoice.exe2012-03-05 17:23:25 274288 ----a-w- c:\windows\system32\mucltui.dll2012-03-05 17:23:25 215920 ----a-w- c:\windows\system32\muweb.dll2012-03-05 17:23:25 16736 ----a-w- c:\windows\system32\mucltui.dll.mui2012-03-04 19:54:57 -------- d-----w- c:\program files\VideoLAN2012-03-04 18:16:30 -------- d-----w- c:\documents and settings\john gary\local settings\application data\Google2012-03-04 18:16:05 -------- d-----w- c:\documents and settings\john gary\local settings\application data\Deployment2012-03-04 18:15:14 -------- d-----w- c:\documents and settings\john gary\application data\Malwarebytes2012-03-04 18:15:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-03-04 18:14:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-04 18:14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-03-04 18:11:30 -------- d-s---w- c:\documents and settings\john gary\UserData2012-03-04 18:09:54 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-03-04 18:09:54 472808 ----a-w- c:\windows\system32\deployJava1.dll2012-03-04 18:00:43 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll.==================== Find3M ====================.2012-03-21 19:57:18 4684288 ----a-w- c:\windows\system32\s3gIGPgl.dll2012-03-21 19:57:17 737280 ----a-w- c:\windows\system32\S3Disply.dll2012-03-21 19:57:17 644096 ----a-w- c:\windows\system32\S3gIGP.dll2012-03-21 19:57:17 602112 ----a-w- c:\windows\system32\S3ovrlay.dll2012-03-21 19:57:17 585728 ----a-w- c:\windows\system32\drivers\S3gIGPm.sys2012-03-21 19:57:17 528384 ----a-w- c:\windows\system32\S3Gamma2.dll2012-03-21 19:57:17 446464 ----a-w- c:\windows\system32\S3Cfg3d.dll2012-03-21 19:57:17 352256 ----a-w- c:\windows\system32\S3Info2.dll2012-03-21 19:57:17 204800 ----a-w- c:\windows\system32\S3Trayp.exe2012-03-21 19:56:21 69632 ----a-w- c:\windows\system32\vuins32.dll2012-03-21 19:56:21 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys2012-02-23 21:23:38 4448256 ----a-w- c:\windows\system32\GPhotos.scr2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe2012-01-09 16:20:25 139784 ----a-r- c:\windows\system32\drivers\rdpwd.sys2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl.============= FINISH: 0:06:54.59 ===============Attach:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 04/03/2012 17:26:17System Uptime: 21/03/2012 22:33:18 (2 hours ago).Motherboard: FUJITSU SIEMENS | | AMILO PRO V3515Processor: Intel® Core Duo CPU T2450 @ 2.00GHz | mPGA 479M | 1596/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 112 GiB total, 74.648 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP1: 04/03/2012 17:33:02 - System CheckpointRP2: 04/03/2012 17:36:26 - Installed Windows XP KB889673.RP3: 04/03/2012 17:37:05 - Installed PlatformRP4: 04/03/2012 17:41:34 - Installed Wireless LAN Driver Installation ProgramRP5: 04/03/2012 17:51:05 - Installed Windows XP KB914882.RP6: 04/03/2012 17:52:03 - Software Distribution Service 3.0RP7: 04/03/2012 17:59:57 - Software Distribution Service 3.0RP8: 04/03/2012 18:09:33 - Installed Java 6 Update 31RP9: 04/03/2012 18:40:40 - first formatRP10: 04/03/2012 19:00:46 - Installed Adobe Reader X (10.1.2).RP11: 05/03/2012 19:09:37 - Software Distribution Service 3.0RP12: 06/03/2012 08:06:18 - Software Distribution Service 3.0RP13: 06/03/2012 17:34:09 - Installed Windows XP WgaNotify.RP14: 06/03/2012 17:44:06 - Software Distribution Service 3.0RP15: 06/03/2012 17:53:35 - Software Distribution Service 3.0RP16: 06/03/2012 21:00:36 - Software Distribution Service 3.0RP17: 07/03/2012 10:44:34 - Software Distribution Service 3.0RP18: 07/03/2012 21:21:10 - RP19: 07/03/2012 21:22:45 - Unsigned driver installRP20: 07/03/2012 21:27:20 - Installed Windows Media Format RuntimeRP21: 07/03/2012 21:41:11 - Software Distribution Service 3.0RP22: 07/03/2012 21:54:13 - Software Distribution Service 3.0RP23: 08/03/2012 01:08:58 - Software Distribution Service 3.0RP24: 08/03/2012 11:45:30 - Software Distribution Service 3.0RP25: 08/03/2012 17:01:00 - Software Distribution Service 3.0RP26: 09/03/2012 04:21:04 - Software Distribution Service 3.0RP27: 09/03/2012 22:49:27 - Installed Windows XP -- Software Updates KB952011.RP28: 10/03/2012 12:33:25 - Software Distribution Service 3.0RP29: 11/03/2012 13:55:57 - Software Distribution Service 3.0RP30: 12/03/2012 14:36:26 - System CheckpointRP31: 12/03/2012 16:49:39 - Software Distribution Service 3.0RP32: 13/03/2012 17:11:12 - Software Distribution Service 3.0RP33: 13/03/2012 21:34:29 - Software Distribution Service 3.0RP34: 15/03/2012 22:35:28 - Software Distribution Service 3.0RP35: 18/03/2012 17:36:33 - Software Distribution Service 3.0RP36: 19/03/2012 17:58:10 - Software Distribution Service 3.0RP37: 20/03/2012 18:22:23 - System CheckpointRP38: 20/03/2012 20:47:47 - Software Distribution Service 3.0RP39: 20/03/2012 21:13:34 - Installed GPL MPEG-1/2 DirectShow Decoder FilterRP40: 21/03/2012 19:47:44 - DriverScanner - 3/21/2012 7:47:38 PMRP41: 21/03/2012 19:48:32 - Installed Windows XP Wdf01009.RP42: 21/03/2012 19:53:07 - DriverScanner - 3/21/2012 7:52:58 PMRP43: 21/03/2012 19:56:17 - DriverScanner - 3/21/2012 7:56:12 PMRP44: 21/03/2012 19:56:55 - DriverScanner - 3/21/2012 7:56:51 PMRP45: 21/03/2012 19:57:14 - DriverScanner - 3/21/2012 7:57:09 PMRP46: 21/03/2012 20:00:20 - DriverScanner - 3/21/2012 8:00:15 PMRP47: 21/03/2012 20:01:00 - DriverScanner - 3/21/2012 8:00:52 PMRP48: 21/03/2012 22:41:49 - Software Distribution Service 3.0.==== Installed Programs ======================.AC3Filter (remove only)AC3Filter 1.63bAdobe Reader X (10.1.2)ALPS Touch Pad DriverBitTorrentBitTorrentBar ToolbarConexant HD AudioDivX SetupDropboxGoogle ChromeGPL MPEG-1/2 DirectShow Decoder FilterHigh Definition Audio Driver Package - KB888111Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB976002-v5)Hotfix for Windows XP (KB981793)Hotkey 1.0.4J2SE Runtime Environment 5.0 Update 6Java Auto UpdaterJava 6 Update 31Malwarebytes Anti-Malware version 1.60.1.1000Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft AntimalwareMicrosoft Application Error ReportingMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft Security ClientMicrosoft Security EssentialsMSXML 6.0 Parser (KB933579)Picasa 3PlatformSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB898458)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows Media Player 9 (KB911565)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647516)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982381)Security Update for Windows XP (KB982665)Soft Data Fax Modem with SmartCPSteinberg Cubase SX v3.0.2.623Synaptics Pointing Device DriverSyncrosoft's License ControlSyncroSoft Emu (Remove only)Uniblue DriverScannerUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2641690)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VC80CRTRedist - 8.0.50727.6195VIA Chrome9 HC IGP Family Display DriverVIA Platform Device ManagerVIA Rhine-Family Fast-Ethernet AdapterVIA/S3G Display Driver 6.14.10.0071VideoLAN VLC media player 0.8.6cWebFldrs XPWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Notifications (KB905474)Windows Imaging ComponentWindows Internet Explorer 8Windows Media Format RuntimeWindows XP Service Pack 3WinRAR 4.11 (32-bit)Wireless LAN Driver Installation Program.==== Event Viewer Messages From Past Week ========.20/03/2012 21:33:30, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.20/03/2012 21:09:50, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Transcode Engine\mtw178.ddc. Reference error message: The operation completed successfully. .20/03/2012 21:09:49, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.ATL. Reference error message: The referenced assembly is not installed on your system. .20/03/2012 21:09:49, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Transcode Engine\gzHF330.ddc. Reference error message: The operation completed successfully. .20/03/2012 21:09:49, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.ATL could not be found and Last Error was The referenced assembly is not installed on your system.20/03/2012 21:01:12, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).20/03/2012 21:00:47, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the device specified.17/03/2012 14:18:16, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 00C0A8E81A36 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message)..==== End Of File ===========================My computer has been freezing alot. quite an old laptop at this stage( Fujitsu amilo pro, about 6 years old at least) so I installed more ram and updated all the drivers but its still happening.....really hope you can help! Thanks very muchMichael Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 29, 2012 ID:555755 Share Posted May 29, 2012 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
stonedlabradour Posted May 31, 2012 Author ID:556308 Share Posted May 31, 2012 Hey,Thanks for that! I think things are back on track again.Eset results:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=3b72fcf5fc4ef74f9380dd221e05af7d# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2012-05-31 01:09:56# local_time=2012-05-31 02:09:56 (+0000, GMT Daylight Time)# country="Ireland"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=1024 16777215 100 0 44525632 44525632 0 0# compatibility_mode=5891 16776533 42 93 5655 6151846 0 0# compatibility_mode=8192 67108863 100 0 216 216 0 0# scanned=58281# found=8# cleaned=8# scan_time=5699C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 CD:\Best Of VST\VSTFX - Camel Audio CamelPhat 3.42\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CD:\Best Of VST\VSTFX - Camel Audio Camelspace v1.42\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CD:\Best Of VST\VSTFX - D16 Group Decimort v1.0\Keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CD:\Best Of VST\VSTFX - Ohmforce Ohmicide 1.02\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CD:\Best Of VST\VSTFX - PSP Audioware Multidelay 608 v1.1.2\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CD:\My Documents\Downloads\VeohWebPlayerSetup_eng.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 CSecurity Check Results: Results of screen317's Security Check version 0.99.41 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 21 Java version out of date! Adobe Flash Player 10 Flash Player out of date! Adobe Flash Player 10.1.53.64 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 16% Defragment your hard drive soon!````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 5, 2012 ID:557702 Share Posted June 5, 2012 Hello,Proceed with the following, and post logs for review:Step 11. Go >> Here << and download ERUNT(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup(the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders.On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed."CHECK" (turn on) Display the contents of system folders.Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.Next, un-check Hide extensions for known file types.Next un-check Hide protected operating system files.Step 3Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Step 4Download Security Check by screen317 and save it to your Desktop: here or hereRun Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!Step 5Close all open browsers at this point.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallStart Internet ExplorerUsing Internet Explorer browser only, go to BitDefender Quickscan website:http://quickscan.bitdefender.comand click "Start Scan".Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.If prompted, reply yes to allow it to run.Press the Allow button and follow prompts.Press the "Start Scan" once more.You'll see the EULA in a pop-up window. Click the I accept & then the OK buttonNote: The FAQ is here --> http://quickscan.bitdefender.com/faq/and that QuickScan has no removal capability.The site boasts a 60-second scan. Do have patience as it likely will take longer.It may seem to stall at moments, but have patience; it will move on.You'll see a progress bar at top right of window.Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.The log report will show in your text editor. Save the log.Do a Select ALL, Copy. Then paste contents into your next reply.Step 6 Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or >> from here << Quit all programs that you may have started. For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start. Wait until Prescan has finished ... Click on Scan. Click on Report and copy/paste the content of the notepad into your next reply.Step 7RE-Enable your antivirus program.Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.Use separate replies as needed if logs do not fit into one reply box. Link to post Share on other sites More sharing options...
stonedlabradour Posted June 6, 2012 Author ID:557945 Share Posted June 6, 2012 Ok...RSIT LOG:Logfile of random's system information tool 1.09 (written by random/random)Run by Conefry at 2012-06-06 11:40:42Microsoft Windows XP Professional Service Pack 3System drive C: has 3 GB (5%) free of 51 GBTotal RAM: 1790 MB (67% free)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:40:44, on 06/06/2012Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Client\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\S3LoadSv.exeC:\Program Files\Uniblue\DriverScanner\dsmonitor.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\S3Trayp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\WINDOWS\system32\wscntfy.exeC:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exeD:\My Documents\Downloads\RSIT (1).exeC:\Program Files\trend micro\Conefry.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [s3Trayp] S3Trayp.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253227706194O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{44E2C206-B6F5-407C-A352-8071FB753924}: NameServer = 89.101.160.4,89.101.160.5O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe--End of file - 6147 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\DriverScanner.jobC:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.jobC:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-602609370-725345543-1003Core.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-602609370-725345543-1003UA.jobC:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.jobC:\WINDOWS\tasks\tempoperfectShakeIcon.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{CCC7A320-B3CA-4199-B1A6-9F516DD69829}[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"VTTimer"=;;; VTTimer.exe []"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2005-04-16 172032]"S3Trayp"=C:\WINDOWS\system32\S3Trayp.exe [2008-07-08 204800]"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]C:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-22 133104][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2012-04-04 981680][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2011-11-28 4692296][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Conefry^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"Giraffic"=2[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=" "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=1[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server""C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java Platform SE binary""C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Program Files\River Past\Audio Converter\AudioConverter.exe"="C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter""C:\Documents and Settings\Conefry\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Conefry\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox""C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth""C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer""C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Vuze""C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player ""C:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]"midimapper"=midimap.dll"msacm.imaadpcm"=imaadp32.acm"msacm.msadpcm"=msadp32.acm"msacm.msg711"=msg711.acm"msacm.msgsm610"=msgsm32.acm"msacm.trspch"=tssoft32.acm"vidc.cvid"=iccvid.dll"vidc.I420"=msh263.drv"vidc.iv31"=ir32_32.dll"vidc.iv32"=ir32_32.dll"vidc.iv41"=ir41_32.ax"vidc.iyuv"=iyuv_32.dll"vidc.mrle"=msrle32.dll"vidc.msvc"=msvidc32.dll"vidc.uyvy"=msyuv.dll"vidc.yuy2"=msyuv.dll"vidc.yvu9"=tsbyuv.dll"vidc.yvyu"=msyuv.dll"wavemapper"=msacm32.drv"msacm.msg723"=msg723.acm"vidc.M263"=msh263.drv"vidc.M261"=msh261.drv"msacm.msaudio1"=msaud32.acm"msacm.sl_anet"=sl_anet.acm"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax"vidc.iv50"=ir50_32.dll"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm"wave"=wdmaud.drv"midi"=wdmaud.drv"mixer"=wdmaud.drv"aux"=wdmaud.drv"wave1"=wdmaud.drv"midi1"=wdmaud.drv"mixer1"=wdmaud.drv"aux1"=wdmaud.drv"wave2"=wdmaud.drv"midi2"=wdmaud.drv"mixer2"=wdmaud.drv"aux2"=wdmaud.drv"wave3"=wdmaud.drv"midi3"=wdmaud.drv"mixer3"=wdmaud.drv"aux3"=wdmaud.drv======List of files/folders created in the last 1 month======2012-06-06 11:29:01 ----D---- C:\rsit2012-06-06 11:29:01 ----D---- C:\Program Files\trend micro2012-06-06 11:26:39 ----D---- C:\Program Files\ERUNT2012-06-05 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$2012-05-25 02:57:05 ----A---- C:\WINDOWS\system32\d3d9caps.dat2012-05-11 11:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$2012-05-11 11:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$2012-05-11 11:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$2012-05-09 21:44:02 ----D---- C:\Documents and Settings\Conefry\Application Data\4Sync2012-05-09 21:43:23 ----D---- C:\Documents and Settings\All Users\Application Data\4Sync2012-05-09 21:43:18 ----D---- C:\Program Files\4Sync======List of files/folders modified in the last 1 month======2012-06-06 11:35:51 ----D---- C:\WINDOWS\Prefetch2012-06-06 11:32:49 ----SD---- C:\WINDOWS\Tasks2012-06-06 11:32:31 ----SH---- C:\boot.ini2012-06-06 11:32:31 ----D---- C:\WINDOWS\pss2012-06-06 11:32:31 ----A---- C:\WINDOWS\win.ini2012-06-06 11:32:31 ----A---- C:\WINDOWS\system.ini2012-06-06 11:29:01 ----D---- C:\Program Files2012-06-06 11:23:46 ----D---- C:\WINDOWS\Temp2012-06-05 22:34:38 ----D---- C:\WINDOWS\system32\CatRoot22012-06-05 22:31:43 ----A---- C:\WINDOWS\SchedLgU.Txt2012-06-05 03:51:01 ----D---- C:\WINDOWS\system322012-06-05 03:17:27 ----D---- C:\WINDOWS2012-06-05 03:01:04 ----HD---- C:\WINDOWS\inf2012-06-05 03:00:55 ----RSHDC---- C:\WINDOWS\system32\dllcache2012-06-04 21:27:17 ----HD---- C:\WINDOWS\$hf_mig$2012-05-31 14:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll2012-05-31 00:31:25 ----SD---- C:\WINDOWS\Downloaded Program Files2012-05-31 00:31:22 ----D---- C:\Program Files\ESET2012-05-30 23:28:51 ----D---- C:\WINDOWS\system32\drivers2012-05-30 16:43:41 ----D---- C:\WINDOWS\network diagnostic2012-05-30 16:00:05 ----D---- C:\Documents and Settings\Conefry\Application Data\Azureus2012-05-23 09:53:26 ----D---- C:\WINDOWS\Microsoft.NET2012-05-23 09:31:58 ----SHD---- C:\WINDOWS\Installer2012-05-23 09:31:58 ----SHD---- C:\Config.Msi2012-05-18 11:31:48 ----D---- C:\Program Files\Microsoft Silverlight2012-05-12 03:02:28 ----D---- C:\WINDOWS\system32\CatRoot2012-05-11 11:40:57 ----RSD---- C:\WINDOWS\assembly2012-05-11 11:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2012-05-11 11:34:10 ----A---- C:\WINDOWS\imsins.BAK2012-05-11 11:34:07 ----D---- C:\WINDOWS\WinSxS2012-05-11 11:33:34 ----D---- C:\WINDOWS\system32\XPSViewer2012-05-11 11:30:35 ----A---- C:\WINDOWS\system32\MRT.exe2012-05-11 11:29:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2012-05-09 20:43:06 ----D---- C:\Documents and Settings\Conefry\Application Data\vlc======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-09-26 717296]R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2012-04-13 13976]R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2012-04-13 22168]R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2012-04-14 1938272]R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2012-04-14 46592]R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\fspad.sys [2006-07-01 19584]R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-24 594432]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-03-09 995712]R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-03-09 206976]R3 L8042Kbd;Logitech SetPoint Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2012-04-13 13440]R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2009-03-17 561152]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-03-09 726400]S3 ab9ho3ej;ab9ho3ej; C:\WINDOWS\system32\drivers\ab9ho3ej.sys []S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-04-23 112751]S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-03-23 488992]S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2012-04-14 46592]S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-14 13224]S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-14 25512]S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2012-04-14 40848]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); C:\WINDOWS\system32\drivers\WPRO_40_1340.sys []S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]R2 S3LoadSv;S3LoadSv; C:\WINDOWS\system32\S3LoadSv.exe [2009-01-20 69632]S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-27 136176]S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-27 136176]S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------Security Check Log: Results of screen317's Security Check version 0.99.41 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 21 Java version out of date! Adobe Flash Player 10 Flash Player out of date! Adobe Flash Player 10.1.53.64 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 15% Defragment your hard drive soon!````````````````````End of Log`````````````````````` Bitdefender report:Bitdefender report (no infections found):QuickScan 32-bit v0.9.9.114---------------------------Scan date: Wed Jun 06 11:49:11 2012Machine ID: 14E5A38DNo infection found.-------------------Processes---------(verified) CodeMeter 1740 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe(verified) DriverScanner Monitor 224 C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe(verified) Java Platform SE 6 U21 1880 C:\Program Files\Java\jre6\bin\jqs.exe(verified) Java Platform SE Auto Updater 2 0 1012 C:\Program Files\Common Files\Java\Java Update\jucheck.exe(verified) Java Platform SE Auto Updater 2 0 1232 C:\Program Files\Common Files\Java\Java Update\jusched.exe(verified) Microsoft Malware Protection 1108 C:\Program Files\Microsoft Security Client\MsMpEng.exe(verified) Microsoft Security Client 1344 C:\Program Files\Microsoft Security Client\msseces.exe(verified) Microsoft® Windows® Operating System 264 C:\WINDOWS\explorer.exe(verified) Microsoft® Windows® Operating System 2200 C:\WINDOWS\system32\alg.exe(verified) Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\csrss.exe(verified) Microsoft® Windows® Operating System 1384 C:\WINDOWS\system32\ctfmon.exe(verified) Microsoft® Windows® Operating System 832 C:\WINDOWS\system32\lsass.exe(verified) Microsoft® Windows® Operating System 820 C:\WINDOWS\system32\services.exe(verified) Microsoft® Windows® Operating System 692 C:\WINDOWS\system32\smss.exe(verified) Microsoft® Windows® Operating System 1556 C:\WINDOWS\system32\spoolsv.exe(verified) Microsoft® Windows® Operating System 280 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1004 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1144 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1248 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1628 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 776 C:\WINDOWS\system32\winlogon.exe(verified) Microsoft® Windows® Operating System 3400 C:\WINDOWS\system32\wscntfy.exe(verified) Microsoft® Windows® Operating System 3992 C:\WINDOWS\system32\wuauclt.exe(verified) Part of S3 Screen Toys 1224 C:\WINDOWS\system32\S3Trayp.exe(verified) S3 Graphics, Co., Inc. s3loadsv 200 C:\WINDOWS\system32\s3loadsv.exe(verified) Windows® Internet Explorer 552 C:\Program Files\Internet Explorer\iexplore.exe(verified) Windows® Internet Explorer 3508 C:\Program Files\Internet Explorer\iexplore.exe(verified) Windows® Internet Explorer 4024 C:\Program Files\Internet Explorer\iexplore.exeNetwork activity----------------Process iexplore.exe (552) connected on port 80 (HTTP) --> 66.235.142.3Process iexplore.exe (552) connected on port 80 (HTTP) --> 92.122.127.26Process iexplore.exe (552) connected on port 80 (HTTP) --> 66.235.142.3Process iexplore.exe (552) connected on port 80 (HTTP) --> 209.85.143.100Process jucheck.exe (1012) connected on port 80 (HTTP) --> 92.122.126.241Process iexplore.exe (4024) connected on port 443 (HTTP over SSL) --> 209.85.143.84Process iexplore.exe (4024) connected on port 80 (HTTP) --> 199.7.71.190Process iexplore.exe (4024) connected on port 443 (HTTP over SSL) --> 209.85.143.100Process iexplore.exe (4024) connected on port 443 (HTTP over SSL) --> 209.85.143.120Process iexplore.exe (4024) connected on port 443 (HTTP over SSL) --> 209.85.143.101Process iexplore.exe (4024) connected on port 443 (HTTP over SSL) --> 209.85.143.148Process svchost.exe (1068) listens on ports: 135 (RPC)Autoruns and critical files---------------------------(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe(verified) Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe(verified) Google Update C:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe(verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll(verified) Microsoft Malware Protection c:\Program Files\Microsoft Security Client\MpCmdRun.exe(verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll(verified) Part of S3 Screen Toys C:\WINDOWS\system32\S3Trayp.exe(verified) TempoPerfect Metronome Software C:\Program Files\NCH Swift Sound\TempoPerfect\tempoperfect.exe(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dllBrowser plugins---------------(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll(verified) Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll(verified) Google Update C:\Documents and Settings\Conefry\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll(verified) Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll(verified) Java Platform SE 6 U21 C:\Program Files\Java\jre6\bin\jp2ssv.dll(verified) Java Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll(verified) Java Platform SE 6 U21 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll(verified) Messenger C:\Program Files\Messenger\msmsgs.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll(verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll(verified) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll(verified) Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dllMissing files-------------File not found: ;;; VTTimer.exe --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"VTTimer"Scan----MD5: 712a287f9141bf4d0ce32d88b008a475 C:\Program Files\4Sync\ShellCp.dllMD5: 426afad485d376fdbda70d329d12b639 C:\Program Files\4Sync\ShellExt.dllMD5: 8b322b3c8b91bddec77c613a8ce22adb C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllMD5: 62bdf8e945f23bee485bb3cb4ed19cb7 C:\WINDOWS\system32\SHDOCVW.dllNo file uploaded.Scan finished - communication took 0 secTotal traffic - 0.00 MB sent, 0.06 KB recvdScanned 524 files and modules - 7 seconds==============================================================================RogueKiller V7.5.3 [06/05/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser: Conefry [Admin rights]Mode: Remove -- Date: 06/06/2012 11:56:02¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 3 ¤¤¤[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{44E2C206-B6F5-407C-A352-8071FB753924} : NameServer (89.101.160.4,89.101.160.5) -> NOT REMOVED, USE DNSFIX[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{44E2C206-B6F5-407C-A352-8071FB753924} : NameServer (89.101.160.4,89.101.160.5) -> NOT REMOVED, USE DNSFIX[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver: [LOADED] ¤¤¤IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD1200BEVS-07RST0 +++++--- User ---[MBR] f7319d14e6c9005f5cf41451029bad17[bSP] bb28756947f1573fa49102dd8e60cff1 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104856255 | Size: 63271 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[2].txt >>RKreport[1].txt ; RKreport[2].txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 7, 2012 ID:558461 Share Posted June 7, 2012 Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallIf you have a prior copy of Combofix, delete it now !Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stagesIt will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2* IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on Combo-Fix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.------------------------------------------------------- A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. RE-Enable your AntiVirus and AntiSpyware applications. Link to post Share on other sites More sharing options...
stonedlabradour Posted June 12, 2012 Author ID:559790 Share Posted June 12, 2012 ComboFix 12-06-11.04 - Conefry 12/06/2012 2:39.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.1790.1355 [GMT 1:00]Running from: d:\my documents\Downloads\Combo-Fix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Conefry\Start Menu\Programs\Uninstall.lnkc:\documents and settings\Conefry\WINDOWSc:\windows\iun6002.exec:\windows\system32\dllcache\dlimport.exec:\windows\system32\drivers\etc\hosts.icsc:\windows\system32\SET3A5.tmp..((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))..2012-06-12 01:29 . 2012-06-12 01:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA06D2EC-C29C-4B3A-9263-BFD3D02FBB1D}\MpKsle95b7798.sys2012-06-12 01:29 . 2012-06-12 01:29 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA06D2EC-C29C-4B3A-9263-BFD3D02FBB1D}\offreg.dll2012-06-11 16:29 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA06D2EC-C29C-4B3A-9263-BFD3D02FBB1D}\mpengine.dll2012-06-10 00:55 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-06-07 11:30 . 2012-06-07 11:30 -------- d-----w- C:\Program FilesVolume Control2012-06-07 11:30 . 2012-06-07 11:30 -------- d-----w- c:\windows\uninstall2012-06-07 10:32 . 2012-06-07 10:32 -------- d-----w- c:\documents and settings\Conefry\Application Data\ElevatedDiagnostics2012-06-07 10:28 . 2012-06-07 10:28 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys2012-06-06 13:27 . 2002-09-26 16:34 153088 ----a-w- c:\windows\system32\IWUninstall.exe2012-06-06 13:27 . 2002-08-28 10:09 611840 ----a-w- c:\windows\system32\vobhw.dll2012-06-06 13:27 . 2002-04-17 19:27 11264 ----a-w- c:\windows\system32\drivers\asapi.sys2012-06-06 13:27 . 2012-06-06 13:27 -------- d-----w- c:\program files\VOB2012-06-06 13:27 . 2000-04-27 11:31 19456 ----a-w- c:\windows\system32\asapi.dll2012-06-06 11:05 . 2012-06-06 11:05 -------- d-----w- c:\program files\Common Files\Java2012-06-06 11:05 . 2012-06-06 11:04 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-06-06 11:05 . 2012-06-06 11:04 476960 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-06 11:04 . 2012-06-06 11:04 -------- d-----w- c:\program files\Java2012-06-06 10:43 . 2012-06-06 10:49 -------- d-----w- c:\documents and settings\Conefry\Application Data\QuickScan2012-06-06 10:29 . 2012-06-06 10:41 -------- d-----w- c:\program files\trend micro2012-06-06 10:29 . 2012-06-06 10:29 -------- d-----w- C:\rsit2012-06-06 10:26 . 2012-06-06 10:26 -------- d-----w- c:\program files\ERUNT...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-06 11:04 . 2010-09-08 13:42 472864 ----a-w- c:\windows\system32\deployJava1.dll2012-05-31 13:22 . 2004-08-03 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll2012-04-13 23:25 . 2012-04-13 23:25 1938272 ----a-w- c:\windows\system32\drivers\athw.sys2012-04-13 23:25 . 2012-04-13 23:25 319456 ----a-w- c:\windows\system32\difxapi.dll2012-04-13 23:25 . 2009-09-17 21:23 69632 ----a-w- c:\windows\system32\vuins32.dll2012-04-13 23:25 . 2009-09-17 21:23 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys2012-04-13 23:25 . 2012-04-13 23:25 40848 ----a-w- c:\windows\system32\drivers\point32.sys2012-04-13 23:25 . 2012-04-13 23:25 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll2012-04-13 13:11 . 2012-04-13 13:11 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys2012-04-13 13:04 . 2012-04-13 13:04 10264 ----a-w- c:\windows\system32\Viagart.sys2012-04-13 13:03 . 2012-04-13 13:03 22168 ----a-w- c:\windows\system32\drivers\xfilt.sys2012-04-13 13:03 . 2012-04-13 13:03 13976 ----a-w- c:\windows\system32\drivers\videX32.sys2012-04-11 13:14 . 2004-08-03 12:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-11 13:12 . 2004-08-03 12:17 1862272 ----a-w- c:\windows\system32\win32k.sys2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-04-04 14:56 . 2009-09-18 00:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Volume2"="d:\my documents\Downloads\Volume2_1_1_2_159_Portable\Volume2\Volume2.exe" [2012-01-08 1577984].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VTTimer"="VTTimer.exe" [2006-08-03 53248]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]"S3Trayp"="S3Trayp.exe" [2008-07-08 204800]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKLM\~\startupfolder\C:^Documents and Settings^Conefry^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]path=c:\documents and settings\Conefry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnkbackup=c:\windows\pss\ERUNT AutoBackup.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2009-09-22 17:27 133104 ----atw- c:\documents and settings\Conefry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]2012-04-04 14:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]2011-11-28 12:36 4692296 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"Giraffic"=2 (0x2).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="c:\\Documents and Settings\\Conefry\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"50000:TCP"= 50000:TCP:Vuze"50000:UDP"= 50000:UDP:Vuze.R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/09/2009 01:16 717296]R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [06/06/2012 14:27 11264]R1 MpKsle95b7798;MpKsle95b7798;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA06D2EC-C29C-4B3A-9263-BFD3D02FBB1D}\MpKsle95b7798.sys [12/06/2012 02:29 29904]R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [03/04/2009 04:01 1680704]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/09/2009 01:01 654408]R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [20/01/2009 08:22 69632]R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [01/07/2006 02:44 19584]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/09/2009 01:01 22344]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/12/2010 15:08 136176]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [14/08/2010 16:44 13224]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/12/2010 15:08 136176]S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?].--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSLE95B7798.Contents of the 'Scheduled Tasks' folder.2012-06-12 c:\windows\Tasks\DriverScanner.job- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-04-13 11:56].2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:53].2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:53].2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-602609370-725345543-1003Core.job- c:\documents and settings\Conefry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-22 17:27].2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-602609370-725345543-1003UA.job- c:\documents and settings\Conefry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-22 17:27].2012-06-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03].2012-04-14 c:\windows\Tasks\tempoperfectShakeIcon.job- c:\program files\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2012-04-14 09:43]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.ie/IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: Interfaces\{44E2C206-B6F5-407C-A352-8071FB753924}: NameServer = 89.101.160.4,89.101.160.5.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)AddRemove-Steinberg Cubase SX v2.2.0.33 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXEAddRemove-Worms Armageddon - c:\microprose\Worms Armageddon\Uninst.isu...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-06-12 02:42Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]@Denied: (3) (LocalSystem)"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\""DataDir"="ESET\\ESET NOD32 Antivirus\\""EditionName"="Student Edition""InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\""LanguageId"=dword:00000409"ProductBase"=dword:00000000"ProductCode"="{4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}""ProductName"="ESET NOD32 Antivirus""ProductType"="eav""ProductVersion"="3.0.684.0""UniqueId"="0028ED0D4AB2B756""ScannerBuild"=dword:00000ed0"ScannerVersionId"=dword:00000de1"ScannerVersion"="""FixId"=dword:00000005.Completion time: 2012-06-12 02:44:36ComboFix-quarantined-files.txt 2012-06-12 01:44.Pre-Run: 8,341,651,456 bytes freePost-Run: 11,953,909,760 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 96932A0D19537DC48EAF80364285FC9F Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 13, 2012 ID:560212 Share Posted June 13, 2012 Turn off your antivirus so that it does not interfere. Leave your firewall on.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsPlease perform this online scan: F-Secure Online Scanner The online scanner is on the bottom right of the page. Follow the directions in the F-Secure page for proper Installation. You may receive an alert on the address bar at this point to install the ActiveX control. Click on that alert and then click "Install ActiveX component". Read the license agreement and click "Accept". Click "Custom Scan" and be sure the following are checked:Scan whole System Scan all files Scan whole system for rootkits Scan whole system for spyware Use advanced heuristics When the scan completes, click the "I want to decide item by item" button. For each item found, Select "Disinfect" and click "Next". When done, click the "Show Report" button, then copy and paste the entire report into your next replyRe-enable your antivirus. Link to post Share on other sites More sharing options...
stonedlabradour Posted June 14, 2012 Author ID:560412 Share Posted June 14, 2012 Scanning Report Thursday, June 14, 2012 13:10:31 - 13:50:44Computer name: CONEFRY-LAPTOPScanning type: Scan system for malware, spyware and rootkitsTarget: C:\ D:\ 2 malware foundTrackingCookie.2o7 (spyware)System (Disinfected)TrackingCookie.Yieldmanager (spyware)System (Disinfected) StatisticsScanned:Files: 61501System: 3060Not scanned: 50Actions:Disinfected: 2Renamed: 0Deleted: 0Not cleaned: 0Submitted: 0Files not scanned:C:\PAGEFILE.SYSC:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F8.DATC:\WINDOWS\SYSTEM32\CONFIG\DEFAULTC:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOGC:\WINDOWS\SYSTEM32\CONFIG\SAMC:\WINDOWS\SYSTEM32\CONFIG\SAM.LOGC:\WINDOWS\SYSTEM32\CONFIG\SECURITYC:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOGC:\WINDOWS\SYSTEM32\CONFIG\SOFTWAREC:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOGC:\WINDOWS\SYSTEM32\CONFIG\SYSTEMC:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOGC:\QOOBOX\BACKENV\APPDATA.FOLDER.DATC:\QOOBOX\BACKENV\CACHE.FOLDER.DATC:\QOOBOX\BACKENV\COOKIES.FOLDER.DATC:\QOOBOX\BACKENV\DESKTOP.FOLDER.DATC:\QOOBOX\BACKENV\FAVORITES.FOLDER.DATC:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DATC:\QOOBOX\BACKENV\HISTORY.FOLDER.DATC:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DATC:\QOOBOX\BACKENV\MUSIC.FOLDER.DATC:\QOOBOX\BACKENV\NETHOOD.FOLDER.DATC:\QOOBOX\BACKENV\PERSONAL.FOLDER.DATC:\QOOBOX\BACKENV\PICTURES.FOLDER.DATC:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DATC:\QOOBOX\BACKENV\PROFILES.FOLDER.DATC:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DATC:\QOOBOX\BACKENV\SENDTO.FOLDER.DATC:\QOOBOX\BACKENV\RECENT.FOLDER.DATC:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DATC:\QOOBOX\BACKENV\SETPATH.BATC:\QOOBOX\BACKENV\SYSPATH.DATC:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DATC:\QOOBOX\BACKENV\VIKPEV00C:\QOOBOX\BACKENV\STARTUP.FOLDER.DATC:\QOOBOX\BACKENV\STARTMENU.FOLDER.DATC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DATC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOGC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DATC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOGC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOGC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOGC:\DOCUMENTS AND SETTINGS\CONEFRY\NTUSER.DATC:\DOCUMENTS AND SETTINGS\CONEFRY\NTUSER.DAT.LOGC:\DOCUMENTS AND SETTINGS\CONEFRY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\DOCUMENTS AND SETTINGS\CONEFRY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOGC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\IMPSERVICEEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.LOCKC:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN OptionsScanning engines:Scanning options:Scan all filesUse advanced heuristics Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 14, 2012 ID:560427 Share Posted June 14, 2012 F-Secure only found 2 tracking cookies, which are NOT malware. That is a good result overall.Let's follow-up with the following:Step 1 MBAM update + scanSave and close any work documents, close any apps that you started.Turn OFF your antivirus app How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsStart your MBAM MalwareBytes' Anti-Malware.Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button.If prompted for a Restart, do that.When done, click the Scanner tab.Do a FULL Scan.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Step 2Download Dr.Web CureIt to the desktop.Turn OFF your antivirus program.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDoubleclick the drweb-cureit.exe file, then on Start and allow to run the express scanThis will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.Once the short scan has finished, chose the Complete Scan.Select all drives. A red dot shows which drives have been chosen.Click the green arrow at the right, and the scan will start.Click 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, look and see if you can click the following icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)After selecting, in the Dr.Web CureIt menu on top, click file and choose save report listSave the report to your desktop. The report will be called DrWeb.csvClose Dr.Web Cureit.Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.Step 3Re-Enable your antivirus program when all done.Copy and Paste contents of last MBAM scan log + log from DrWeb Cure-Itand Tell me How is your system now ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 17, 2012 ID:561349 Share Posted June 17, 2012 Kindly provide status update. Have you managed any progress ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 18, 2012 ID:561632 Share Posted June 18, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts