
Infected by something - would appreciate some advice!



Hi,

I first noticed something wrong this morning when I clicked on a link on a page on amazon.com and my browser (Chrome) took me to a different page altogether. Then my computer started slowing down, and now I can't even get it to run unless I'm in safe mode.

I ran malwarebytes and it found:

Files Detected: 1

C:\Documents and Settings\Wan\Local Settings\Temporary Internet Files\Content.IE5\YMHN6HBS\MyPhoneExplorer_v2_5185[1].exe (Riskware.InstallMonetizer) -> Quarantined and deleted successfully.

But the problems persisted, and seemed to get worse. Based on advice from a different site, I then downloaded and ran RogueKiller and TDSSkiller.

Finally, I came across this site, and followed the instructions as best as I could for DDS.

The logs for all of the above scans are attached to this message. Please let me know how to best proceed, and thank you so much in advance for your help!

attach.txt

dds.txt

mbam-log-2012-11-24 (11-46-27).txt

RKreport1_S_11242012_02d1509.txt

TDSSKiller report.txt


Hello and welcome,

Re-run RogueKiller and post the log; instructions follow. If you already have it on your Desktop there is no need to d/l again:

Download RogueKiller from here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save direct to your Desktop.

  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • You will see the EULA; select Accept to continue.
  • Ensure all boxes are ticked under the "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the content of the report to your next reply....


Kevin


Thanks for the quick reply! Pasting the 2nd RogueKiller scan report below. I should also mention that the first time it ran, it quarantined some files into a folder on my desktop (quarantine report pasted below as well).

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Wan [Admin rights]

Mode : Scan -- Date : 11/24/2012 16:19:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++

--- User ---

[MBR] 9fff0dbc2e60d99879b3ee51435b2a9a

[BSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++

--- User ---

[MBR] 6cc990afca0b7be59f982cf455519016

[BSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive4: Patriot Memory USB Device +++++

--- User ---

[MBR] 6cdeb9b2eb2e69df7333f2da266e2984

[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_S_11242012_02d1619.txt >>

RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt

Quarantine report from the FIRST RogueKiller scan:

Time : 24/11/2012 15:09:34

--------------------------

[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys

[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys

Time : 24/11/2012 16:19:58

--------------------------

[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys

[61883.sys.vir] -> C:\WINDOWS\system32\drivers\61883.sys


The RK log would seem to indicate the two suspect entries have returned after removal; did you use the Delete Function after running the initial scan?

If not, run RogueKiller one more time; when the scan has finished, use the Delete Function:


A log will be produced on your Desktop; can you post that log...

Thanks


Hi - I didn't actually delete anything the first time I ran RogueKiller, but this time I did:

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Wan [Admin rights]

Mode : Remove -- Date : 11/24/2012 16:56:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 +++++

--- User ---

[MBR] 9fff0dbc2e60d99879b3ee51435b2a9a

[BSP] 0b0b56354fe5426ad815a1a754ea4880 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51191 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104840190 | Size: 559286 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EACS-00C7B0 +++++

--- User ---

[MBR] 6cc990afca0b7be59f982cf455519016

[BSP] 7a364af20b3c83fded490ae0f5b56ab7 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive4: Patriot Memory USB Device +++++

--- User ---

[MBR] 6cdeb9b2eb2e69df7333f2da266e2984

[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_11242012_02d1656.txt >>

RKreport[1]_S_11242012_02d1509.txt ; RKreport[2]_S_11242012_02d1619.txt ; RKreport[3]_D_11242012_02d1656.txt

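Whether the 61883 entries "came back" after removal or were simply never deleted (the helper's question earlier in the thread) is something a log reader can settle mechanically by lining the reports up in run order. As an added example, not part of this thread or of RogueKiller itself, here is a small Python parser for the report layout quoted above that tracks each registry entry's status across successive reports; the sample reports are excerpts of the two posted, plus one constructed follow-up Scan that shows what a genuine return after removal looks like.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# The line layouts below follow the RogueKiller V8 reports quoted in this
# thread. Function names and the sample reports are constructed for this
# example; they are not part of RogueKiller or of the thread.
MODE_RE = re.compile(r"^Mode : (?P<mode>\w+) -- Date : (?P<date>.+)$")
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?)\s*:.*¤¤¤$")
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<target>.+?)\s+->\s+(?P<status>[A-Z]+)"
    r"(?:\s+\((?P<newval>[^)]*)\))?\s*$"
)


@dataclass
class Entry:
    tags: tuple                # e.g. ("services", "ROGUE ST")
    target: str                # key or value path plus its data, as printed
    status: str                # FOUND, DELETED, REPLACED, ...
    newval: Optional[str]      # replacement data on a REPLACED line

    @property
    def key(self) -> str:
        # Identity across runs: drop the trailing "(data)" so that "(1)" before
        # and "(0)" after a REPLACED line still refer to the same entry.
        return re.sub(r"\s*\([^)]*\)\s*$", "", self.target)


@dataclass
class Report:
    mode: str                  # "Scan" or "Remove"
    date: str
    entries: list = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Parse one report; only the Registry Entries section is kept."""
    report, section = Report(mode="?", date="?"), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MODE_RE.match(line):
            report.mode, report.date = m.group("mode"), m.group("date")
        elif m := SECTION_RE.match(line):
            section = m.group("name")
        elif section == "Registry Entries" and (m := ENTRY_RE.match(line)):
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group("tags")))
            report.entries.append(
                Entry(tags, m.group("target"), m.group("status"), m.group("newval")))
    return report


def entry_history(reports):
    """Chronological (mode, status) pairs per entry key, reports in run order."""
    history = {}
    for rep in reports:
        for e in rep.entries:
            history.setdefault(e.key, []).append((rep.mode, e.status))
    return history


def classify(timeline):
    """One entry's timeline, read the way a log reviewer needs to read it."""
    removed = False
    for _mode, status in timeline:
        if status in ("DELETED", "REPLACED"):
            removed = True
        elif status == "FOUND" and removed:
            # Reported again after a Remove run claimed success: the entry is
            # being recreated (persistence or re-infection), which is a very
            # different situation from one that was simply never deleted.
            return "RETURNED after removal"
    return "removed" if removed else "found, never removed (Scan runs only)"


def triage(report_texts):
    reports = [parse_report(t) for t in report_texts]
    return {key: classify(tl) for key, tl in entry_history(reports).items()}


# Excerpts of the Scan and Remove reports quoted in this thread.
RK_SCAN = r"""
Mode : Scan -- Date : 11/24/2012 16:19:58
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
"""
RK_REMOVE = r"""
Mode : Remove -- Date : 11/24/2012 16:56:58
¤¤¤ Registry Entries : 3 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ MBR Check: ¤¤¤
"""
# Constructed follow-up Scan, NOT from the thread: one service entry is back.
RK_RESCAN = r"""
Mode : Scan -- Date : 11/25/2012 09:00:00
¤¤¤ Registry Entries : 1 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\WINDOWS\system32\DRIVERS\61883.sys) -> FOUND
"""

if __name__ == "__main__":
    for key, verdict in triage([RK_SCAN, RK_REMOVE, RK_RESCAN]).items():
        print(f"{verdict:38s} {key}")
```

Feeding only Scan reports yields "found, never removed", which is exactly the situation in this thread before the Remove run; a FOUND after a DELETED is the case that warrants a deeper look at what is recreating the service.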

Thanks for the log and update; run the following:

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Run Malwarebytes, check for updates then do a quick scan. Deal with anything it finds.

Post those two logs and let me know if there is any improvement,

Kevin


Ok, I d/l'ed and ran Adwcleaner and it found and deleted a few things. Then I ran Malwarebytes, and it didn't detect anything. I seem to still be having some problems, one of which is that Windows Explorer consistently crashes (often taking the whole computer with it) when I try to open it. It doesn't crash in Safe Mode, though. The crash report for Windows Explorer says:

AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: infoatomsclientie.dll

ModVer: 1.4.0.0 Offset: 0000664b

Interestingly, infoatoms was one of the Chrome extensions I disabled earlier today, thinking that it was part of the problem.

Here is the Adwcleaner log:

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 17:41:05

# Updated 24/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Wan - NEWGRONKER

# Boot Mode : Safe mode with networking

# Running from : C:\Documents and Settings\wan\Desktop\malware killers\AdwCleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

Folder Deleted : C:\Documents and Settings\wan\Local Settings\Application Data\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default

File : C:\Documents and Settings\wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\prefs.js

Deleted : user_pref("extensions.efwbjkbewre83sfr3.scode", "(function(){var bdomains={\"search.babylon.com\":1,[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\wan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1352 octets] - [24/11/2012 17:39:34]

AdwCleaner[S1].txt - [1291 octets] - [24/11/2012 17:41:05]

########## EOF - C:\AdwCleaner[S1].txt - [1351 octets] ##########

And here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Wan :: NEWGRONKER [administrator]

11/24/2012 5:49:25 PM

mbam-log-2012-11-24 (17-49-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 242196

Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Infoatoms is an application that you have installed; it shows in the installed programs list of the DDS log extras.txt, and infoatomsclientie.dll is associated with that program. If this is something you do not know of, did not knowingly install or ever use, can you UNinstall it via Start > Control Panel > Add/Remove Programs. See if that makes any difference.

If you do UNinstall the program, re-boot on completion. These can be run from Safemode with Networking if there are still issues with crashes.

Next,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    infoatomsclientie.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix are available Here if required.
  • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in your next reply please... If Combofix is run from Safemode with NW and it re-boots the system, please make sure to go back to that mode...

Kevin


Hi - thanks again for your help!

Ok, last night I did uninstall Infoatoms -- I certainly don't remember installing it, so it may have piggybacked on some other software. In any case, it's gone, and afterwards things seemed more or less back to normal. Just to be safe, however, I followed your latest instructions and ran Systemlook with the code you supplied, and then I ran Combofix (after first disabling Microsoft Security Essentials, Spybot Search and Destroy, and the Windows Firewall). Combofix did not reboot the computer, which I suppose means it didn't find any rootkits? Both logs follow:

SystemLook 30.07.11 by jpshortstuff

Log created at 10:08 on 25/11/2012 by Han

Administrator - Elevation successful

========== filefind ==========

Searching for "infoatomsclientie.dll"

No files found.

-= EOF =-

ComboFix 12-11-25.01 - Wan 11/25/2012 16:40:17.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2540 [GMT -8:00]

Running from: c:\documents and settings\Wan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\100

c:\documents and settings\All Users\Application Data\69277E4D9E.sys

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Wan\g2mdlhlpx.exe

c:\documents and settings\Wan\Start Menu\Programs\1by1.lnk

c:\documents and settings\Wan\WINDOWS

C:\Documents

c:\program files\tcpview\tcpview.exe

c:\windows\system\Color

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET628.tmp

c:\windows\system32\SET62D.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))

.

.

2012-11-24 23:12 . 2012-11-24 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-11-24 22:53 . 2012-11-24 22:53 1863682 ----a-w- C:\MGtools.exe

2012-11-24 19:44 . 2012-11-24 19:44 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat

2012-11-24 19:44 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-24 18:55 . 2012-11-24 19:08 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-11-24 18:55 . 2012-11-24 19:12 -------- d-----w- c:\program files\TGF Interactive

2012-11-24 18:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F138628-6521-43E6-B0CE-D04CAF664B9F}\mpengine.dll

2012-11-24 02:31 . 2012-11-24 02:31 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\TX16Wx

2012-11-24 02:30 . 2012-11-24 02:30 -------- d-----w- c:\program files\TX16Wx Software Sampler

2012-11-23 14:31 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-09 16:21 . 2012-11-24 19:22 -------- d-----w- c:\documents and settings\Wan\Application Data\vlc

2012-11-05 05:22 . 2012-11-05 07:47 -------- d-----w- c:\documents and settings\Wan\Application Data\MetroTwit

2012-11-05 05:21 . 2012-11-05 07:45 -------- d-----w- c:\documents and settings\Wan\Local Settings\Application Data\Deployment

2012-11-05 05:13 . 2012-11-05 05:17 -------- d-----w- c:\documents and settings\Wan\Application Data\Jane

2012-11-03 20:00 . 2012-11-03 20:01 -------- d-----w- c:\program files\Cobian Backup 11

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-25 04:25 . 2012-09-20 06:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-25 04:25 . 2012-09-20 06:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 08:37 . 2008-04-14 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-09-30 03:54 . 2010-05-31 05:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-17 08:00 . 2004-04-05 17:31 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-09-17 08:00 . 2004-04-05 17:31 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-09-01 20:20 . 2012-05-27 21:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-01 20:20 . 2010-07-29 05:36 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-31 05:03 . 2010-10-25 05:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2008-04-14 12:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec

2012-10-14 10:44 . 2012-10-14 10:42 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-05-30 . CEF67ED9075EAB03094E2BAA51696EC9 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ------w- c:\documents and settings\Wan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616]

"EzBackup Manager"="c:\program files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe" [2006-08-16 1902080]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]

"iTraffic Monitor"="c:\program files\iTraffic Monitor\iTrafficMon.exe" [2009-04-22 942080]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2011-12-25 1377848]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 3165696]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 98304]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\Wan\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Wan\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-3 380928]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 01000000

"NoSMMyPictures"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ GOOGLEPINYIN2.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2012-07-30 22:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2012-07-31 11:19 41944 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2009-10-24 03:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2012-05-18 16:01 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-09-17 08:00 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Documents and Settings\\Wan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Documents and Settings\\Wan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\HP\\HP LaserJet P1100 Series\\wificonfig.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Wan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port

"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port

"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port

"5353:TCP"= 5353:TCP:Adobe CSI CS4

.

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [11/3/2012 12:00 PM 67584]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [8/28/2010 9:55 AM 99896]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 3:25 PM 13672]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/12/2010 8:08 AM 12184]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 7:33 AM 3857408]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 9:07 AM 35088]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]

R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/5/2011 2:55 PM 5554552]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/5/2011 2:56 PM 451960]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/11/2012 8:33 PM 103040]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/5/2011 2:56 PM 10752]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EZ-Backup\EZ-Backup Manager\EzBackup.exe [5/30/2010 11:35 AM 1124352]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/30/2010 11:19 AM 1691480]

S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [12/2/2011 12:17 PM 20328]

S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 1:01 AM 42648]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 1:01 AM 12184]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [8/28/2010 9:55 AM 17408]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [3/18/2012 12:30 PM 176128]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [7/13/2011 9:02 PM 98672]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [7/13/2011 9:02 PM 14960]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [7/13/2011 9:02 PM 124016]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [7/13/2011 9:02 PM 117872]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [7/13/2011 9:02 PM 25456]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [7/13/2011 9:02 PM 113904]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [7/13/2011 9:02 PM 123504]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7/13/2011 9:01 PM 155344]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 04:25]

.

2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52]

.

2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:52]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003Core.job

- c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-115176313-1177238915-1003UA.job

- c:\documents and settings\Wan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 05:47]

.

2012-11-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]

.

2012-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-115176313-1177238915-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-115176313-1177238915-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-26 c:\windows\Tasks\User_Feed_Synchronization-{B1955055-9F23-4E8E-BFB5-E62C91B44324}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/webhp?client=aff-ime

uInternet Settings,ProxyOverride = *.local

IE: &Clean Traces

IE: &Download with &DAP

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP

IE: Download all with Free Download Manager

IE: Download selected with Free Download Manager

IE: Download video with Free Download Manager

IE: Download with Free Download Manager

IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.5.1

FF - ProfilePath - c:\documents and settings\Wan\Application Data\Mozilla\Firefox\Profiles\yfswzluq.default\

FF - prefs.js: browser.startup.homepage - about:home

.

.

------- File Associations -------

.

txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1"

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-25 16:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1016)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2012-11-25 16:45:47

ComboFix-quarantined-files.txt 2012-11-26 00:45

.

Pre-Run: 4,409,925,632 bytes free

Post-Run: 4,922,867,712 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 177AEFFA15F78F792A0E2DEB25CCE2AA

Link to post
Share on other sites

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

You can refer to this animation by neomage if needed.

Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Link to post
Share on other sites

Please download OTM by OldTimer.

Alternative Mirror 1

Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\system32\tgghskowsg.exe
    D:\software\unlocker1.9.0.exe
    :Commands
    [EmptyTemp]
    [createRestorePoint]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Post a fresh set of DDS logs, and also tell me how your system is responding and whether any issues or concerns remain. I give instructions for DDS in case needed...

Download and save DDS to your Desktop from either of the following links:

http://download.blee...om/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan. Vista or Windows 7 users accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Link to post
Share on other sites
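A note on how a helper reads logs like the ones in this thread, with an added example that is not part of the thread, nor of DDS, ComboFix or OTM. Two things stand out in the posts above: the SERVICES / DRIVERS list in the ComboFix log carries several entries ending in `--> <path> [?]` (Lbd, DELTAII, Lavasoft Kernexplorer, SjyPkt), which is how DDS and ComboFix mark a registered service whose image file could not be found on disk; and the OTM script targets `C:\WINDOWS\system32\tgghskowsg.exe`, an executable with a machine-generated looking name sitting directly in system32. The script below parses those two line shapes and flags both conditions. The sample log is constructed for the example from the shape of the lines above, and the consonant-run heuristic for "random" names is an assumption of this example, a triage hint to prompt a closer look, not a verdict.

```python
"""Triage helpers for DDS / ComboFix style log excerpts.

Added example for this thread; it is not part of DDS, ComboFix, OTM or any tool
the helper used. It implements two checks on the kind of lines pasted above:

  1. Service/driver entries whose image could not be resolved. Both tools print
     those as ``<path> --> <path> [?]``. Most are leftovers of uninstalled
     software, but a boot-start driver with no file on disk deserves a second look.
  2. Files directly in the Windows system folders whose name looks
     machine-generated, the way ``tgghskowsg.exe`` in the OTM script does. The
     consonant-run heuristic is an assumption of this example, not a rule from
     any tool.
"""
import re
from typing import Dict, List, Optional

# R/S = running/stopped, digit = start type, then name;display;image [date size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")

# Constructed sample: a handful of lines copied in shape from the logs above.
SAMPLE_LOG = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tgghskowsg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Launchy\Launchy.exe
"""


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one SERVICES / DRIVERS entry; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image").strip()
    # With an unresolved image the tools print 'lookup --> expected [?]';
    # keep the right-hand (expected) path and drop the trailing [date size] / [?].
    path = image.split(" --> ")[-1].rsplit(" [", 1)[0]
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start": START_TYPES.get(m.group("start"), "unknown"),
        "path": path,
        "driver": path.lower().endswith(".sys"),
        "image_missing": image.endswith("[?]"),
    }


def looks_machine_generated(filename: str) -> bool:
    """Heuristic: an all-letter stem of 8+ chars containing a run of 5+ consonants."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    runs = re.findall(r"[^aeiouy]+", stem)
    return bool(runs) and max(len(r) for r in runs) >= 5


def in_system_dir(path: str) -> bool:
    """True for files directly in c:\\windows or c:\\windows\\system32."""
    folder = path.lower().rsplit("\\", 1)[0]
    return folder in SYSTEM_DIRS


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run both checks over a log excerpt and collect what a helper would ask about."""
    findings: Dict[str, List[str]] = {"missing_images": [], "odd_names": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service_line(line)
        if svc is not None:
            if svc["image_missing"]:
                tag = f"{svc['name']} ({svc['start']}{', driver' if svc['driver'] else ''})"
                findings["missing_images"].append(tag)
            continue
        # Bare paths are how the 'Running Processes' section lists executables.
        if re.match(r"^[a-z]:\\", line, re.IGNORECASE) and in_system_dir(line):
            if looks_machine_generated(line.rsplit("\\", 1)[-1]):
                findings["odd_names"].append(line)
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run it with a saved DDS or ComboFix log piped in as `triage(open("dds.txt").read())` and it lists the orphaned services with their start type (a boot-start `.sys` with no file is the one to ask about first) and any oddly named executables in the system folders. Both lists are prompts for a closer look, for instance checking the file's signature and creation date in the "Created Last 30" section, not proof of infection.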

The OTM results log:

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Documents and Settings\Wan\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Wan\Desktop\cmd.txt deleted successfully.

C:\WINDOWS\system32\tgghskowsg.exe moved successfully.

D:\software\unlocker1.9.0.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Wan

->Temp folder emptied: 5439191 bytes

->Temporary Internet Files folder emptied: 29124498 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 119906948 bytes

->Google Chrome cache emptied: 221523976 bytes

->Flash cache emptied: 1161048 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32835 bytes

->Flash cache emptied: 434 bytes

User: NetworkService

->Temp folder emptied: 1548902 bytes

->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1701642 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 363.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.21.0 log created on 11272012_200926

Files moved on Reboot...

File C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-6B-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.lock not found!

C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Wan at 20:18:01 on 2012-11-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1969 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cobian Backup 11\cbVSCService11.exe

C:\Program Files\EZ-Backup\EZ-Backup Manager\EzBackup.exe

C:\WINDOWS\system32\HPSIsvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\EZ-Backup\EZ-Backup Manager\ezbackupmanager.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTraffic Monitor\iTrafficMon.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe

C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Launchy\Launchy.exe

C:\Documents and Settings\Wan\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Wan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?client=aff-ime

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: <No Name>: {FFFFFEF0-5B30-21D4-945D-000000000000} - c:\program files\star downloader\SDIEInt.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [EzBackup Manager] c:\program files\ez-backup\ez-backup manager\ezbackupmanager.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iTraffic Monitor] c:\program files\itraffic monitor\iTrafficMon.exe

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Ai Quicker Help] "c:\program files\asus\asus dh remote\AsRc.exe"

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\Wan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\Wan\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Clean Traces - <no file>

IE: &Download with &DAP - <no file>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - <no file>

IE: Download all with Free Download Manager - <no file>

IE: Download selected with Free Download Manager - <no file>

IE: Download video with Free Download Manager - <no file>

IE: Download with Free Download Manager - <no file>

IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346049785546

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

TCP: NameServer = 192.168.5.1

TCP: Interfaces\{26C26DE0-0E91-4DB6-AF5E-A239E12A4315} : DHCPNameServer = 192.168.5.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\Wan\application data\mozilla\firefox\profiles\yfswzluq.default\

FF - prefs.js: browser.startup.homepage - about:home

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-11-3 67584]

R2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\ez-backup\ez-backup manager\EzBackup.exe [2010-5-30 1124352]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-8-28 99896]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-12 12184]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-5 5554552]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-5 451960]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-9-11 103040]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-5 10752]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-30 1691480]

S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-12-2 20328]

S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-8-28 17408]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2012-3-18 176128]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-7-13 98672]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-7-13 14960]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-7-13 124016]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-7-13 117872]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-7-13 25456]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-7-13 113904]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-7-13 123504]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-7-13 155344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

FileExt: .ini: Ini File=notepad.exe %1

.

=============== Created Last 30 ================

.

2012-11-28 04:09:26 -------- d-----w- C:\_OTM

2012-11-27 06:09:50 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\offreg.dll

2012-11-27 00:34:08 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1054bc18-65d5-4bfb-84d9-092a02f2369d}\mpengine.dll

2012-11-26 16:32:43 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-11-26 06:19:05 -------- d-----w- c:\program files\ESET

2012-11-26 00:37:02 -------- d-sha-r- C:\cmdcons

2012-11-26 00:35:24 98816 ----a-w- c:\windows\sed.exe

2012-11-26 00:35:24 256000 ----a-w- c:\windows\PEV.exe

2012-11-26 00:35:24 208896 ----a-w- c:\windows\MBR.exe

2012-11-24 23:12:42 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-11-24 22:53:56 1863682 ----a-w- C:\MGtools.exe

2012-11-24 19:44:49 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat

2012-11-24 19:44:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-24 18:55:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-11-24 18:55:25 -------- d-----w- c:\program files\TGF Interactive

2012-11-24 02:31:14 -------- d-----w- c:\documents and settings\Wan\local settings\application data\TX16Wx

2012-11-24 02:30:36 -------- d-----w- c:\program files\TX16Wx Software Sampler

2012-11-05 05:22:03 -------- d-----w- c:\documents and settings\Wan\application data\MetroTwit

2012-11-05 05:21:27 -------- d-----w- c:\documents and settings\Wan\local settings\application data\Deployment

2012-11-05 05:13:50 -------- d-----w- c:\documents and settings\Wan\application data\Jane

2012-11-03 20:00:58 -------- d-----w- c:\program files\Cobian Backup 11

.

==================== Find3M ====================

.

2012-11-25 04:25:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-25 04:25:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-17 08:00:07 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-09-17 08:00:06 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-09-01 20:20:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-01 20:20:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 20:18:26.56 ===============

ATTACH.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/30/2010 11:08:47 AM

System Uptime: 11/27/2012 8:11:11 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | LGA 775 | 2404/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 50 GiB total, 4.521 GiB free.

D: is FIXED (NTFS) - 546 GiB total, 65.481 GiB free.

E: is Removable

F: is Removable

H: is Removable

J: is FIXED (NTFS) - 932 GiB total, 65.963 GiB free.

V: is CDROM ()

W: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter

Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter #2

PNP Device ID: USB\VID_0BDA&PID_8187\0015AF09B8F7

Service: RTLWUSB

.

==== System Restore Points ===================

.

RP920: 11/19/2012 11:07:21 PM - Software Distribution Service 3.0

RP921: 11/21/2012 12:18:15 AM - System Checkpoint

RP922: 11/21/2012 8:14:35 PM - Software Distribution Service 3.0

RP923: 11/22/2012 9:20:30 PM - System Checkpoint

RP924: 11/23/2012 6:31:08 AM - Software Distribution Service 3.0

RP925: 11/23/2012 6:30:35 PM - Installed TX16Wx Software Sampler 2 (x86)

RP926: 11/24/2012 10:49:16 AM - Software Distribution Service 3.0

RP927: 11/24/2012 11:07:09 AM - Revo Uninstaller's restore point - Genius Box

RP928: 11/24/2012 11:07:40 AM - Removed Genius Box

RP929: 11/24/2012 11:35:27 AM - Installed Java 7 Update 9

RP930: 11/25/2012 12:33:20 PM - System Checkpoint

RP931: 11/26/2012 8:32:41 AM - Software Distribution Service 3.0

RP932: 11/26/2012 4:34:07 PM - Software Distribution Service 3.0

RP933: 11/27/2012 8:09:56 PM - OTM Restore Point

.

==== Installed Programs ======================

.

??????? 2.6

µTorrent

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Audition 1.5

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Master Collection

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Photoshop Elements 6.0

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.4)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Album Art Downloader XUI 0.44

Amazon MP3 Downloader 1.0.15

AMD Catalyst Install Manager

Anki

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

ASUS DH Remote

Audacity 1.3.12 (Unicode)

Avidemux 2.5 (32-bit)

Bamboo

Belarc Advisor 8.1

Bonjour

Cantabile 2.0 Lite

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDBurnerXP

CDisplayEx 1.8

CKRename

ClearType Tuning Control Panel Applet

Cobian Backup 11 Gravity

Collab

Connect

Corel WinDVD 9

CPUID CPU-Z 1.59

daHornet Version 1.34

DarkWave Studio 3.7.8

Data Lifeguard Diagnostic for Windows 1.21

Debugging Tools for Windows (x86)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Delta

discoDSP HighLife v1.4

Dropbox

DSP/FX v6.2a

Duplicate Cleaner 2.1b

DVD43 v4.6.0

eReg

ESET Online Scanner v3

Exact Audio Copy 0.99pb5

EyeDefender 1.08

EZ-Backup Manager

FileZilla Client 3.5.3

FL Studio 8

FLAC 1.2.1b (remove only)

foobar2000 v1.1.13

FreeFileSync v3.8

GEAR driver installer for x86 and x64

GetDiz

GetDiz 4.5

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

HammerHead Rhythm Station

Handbrake 0.9.4

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Deskjet 3050 J610 series Basic Device Software

HP Deskjet 3050 J610 series Help

HP LaserJet Professional P1100-P1560-P1600 Series

IL Download Manager

Image Resizer Powertoy for Windows XP

Imgur Uploader

inSSIDer

IsoBuster 2.8

iTraffic Monitor v1.0

iTunes

Java 7 Update 9

Java Auto Updater

JavaFX 2.1.0

JMicron JMB36X Driver

Just Great Software EditPad Lite 6.6.3

KeePass Password Safe 2.20.1

kuler

LameXP

Launchy 2.5

Live 8.1

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.65.1.1000

Marvell Miniport Driver

microKORG SoundEditor

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 7.1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Professional 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows SDK for Windows 7 (7.1)

MiniTool Power Data Recovery

Miro

Mozilla Firefox 17.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 12.0.1 (x86 en-US)

Mp3tag v2.51

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultiPar version 1.2.0.5

MusicBee 2.0

MyPhoneExplorer

Native Instruments Controller Editor

Native Instruments Guitar Rig 5

Native Instruments Guitar Rig Mobile I/O

Native Instruments Guitar Rig Session I/O

Native Instruments Kontakt 4

Native Instruments Kontakt Factory Selection

Native Instruments Rig Kontrol 3

Native Instruments Service Center

NetSpeedMonitor 2.5.4.0 x86

Network Stumbler 0.4.0 (remove only)

NexusFont 2.5 (ver 2.5.7.1562)

Octoshape add-in for Adobe Flash Player

PC Probe II

PC Wizard 2010.1.96

PDF Settings CS4

PDFCreator

PdfMerge

Pegtop PMeter

Photoshop Camera Raw

Picasa 3

PicPick

Pixel Bender Toolkit

PoiZone

Poladroid

PowerISO

Quicken 2011

QuickPar 0.9

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

REAPER

ReBirth RB-338 2.0

Recuva

Revo Uninstaller 1.94

rgc:audio sfz VSTi v1.96

rgc:audio sfz+ VSTi v1.01

SABnzbd 0.6.15

SeaTools for Windows

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

sfArk

shortcircuit

Shred 1.06

Skype Toolbars

Skype™ 5.10

Sony Ericsson PC Companion 2.01.210

Speccy

SpeedFan (remove only)

Spotify

Spybot - Search & Destroy

Star Downloader Free

Studio Devil BVC 1.2

Studio Units version 1.1.2

Suite Shared Configuration CS4

SyncToy 2.1 (x86)

TagScanner 5.1.612

Toxic Biohazard

TreeComp 4.0 b14

TreeSize Free V2.7

TubeOhm Alpha-Ray

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 wcaiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Tweak UI

TweetDeck

TX16Wx Software Sampler 2 (x86)

Unlocker 1.9.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.4

WD Align - Powered by Acronis

WebFldrs XP

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Winamp

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

WinPcap 4.1.2

WinRAR archiver

Wireshark 1.6.4

Wunderlist

XnView 1.99

Yahoo Message Archive Decoder 4.5

Yahoo! Detect

Zen 1.6.6

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

11/27/2012 9:21:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TouchServicePen service.

11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The NIHardwareService service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Cobian Backup 11 Volume Shadow Copy Requester service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The HP SI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/25/2012 6:08:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.373.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.

11/25/2012 4:43:55 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.

11/25/2012 4:40:09 PM, error: Service Control Manager [7034] - The EZ-Backup Manager service terminated unexpectedly. It has done this 1 time(s).

11/24/2012 3:57:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/24/2012 3:12:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/24/2012 3:09:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt Fips intelppm Lbd MpFilter SCDEmu

11/24/2012 3:08:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/24/2012 11:59:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/24/2012 11:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

.

==== End Of File ===========================

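An added example, not part of this thread and not one of the tools Kevin asks for: when you are handed a DDS attach.txt like the one above, the "Event Viewer Messages From Past Week" block is the part worth machine-reading, because it tells you whether the services that died are independent failures or one event, whether the antimalware filter driver is actually loading, and whether signature updates are landing. The script below parses that section's line format (`<date> <time>, <level>: <source> [<id>] - <message>`), clusters Service Control Manager 7034/7031 terminations that fall within a couple of seconds of each other, counts 7026 "failed to load" drivers per boot, and pulls the error code out of Microsoft Antimalware 2001 update failures. The sample log text is constructed (a few abridged lines in the same shape as the posted log, not the full file); the 2-second window and the reading that a same-second burst is one shutdown rather than many crashes are the script's own assumptions. On the posted log, that burst at 8:09:27 PM sits a few seconds before the "OTM Restore Point" entry, which is consistent with a tool-driven reboot, but that is an interpretation, not something the log states.

```python
import re
from datetime import datetime

# Constructed sample in the shape of DDS's "Event Viewer Messages From Past
# Week" section (a few abridged lines, not the full posted log).
SAMPLE_EVENTS = """\
.
11/27/2012 8:09:28 PM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2012 8:09:27 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/25/2012 6:08:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Previous Signature Version: 1.141.373.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
11/24/2012 3:09:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt Fips intelppm Lbd MpFilter SCDEmu
11/24/2012 11:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
.
"""

# One DDS event line: "<date> <time> AM/PM, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
TERMINATED_RE = re.compile(r"The (.+?) service terminated unexpectedly")
FAILED_LOAD_RE = re.compile(r"failed to load: (.*)$")
ERROR_CODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]+)")


def parse_events(text):
    """Return a list of event dicts; non-event lines ('.', headers, blanks) are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            "level": m.group("level"),
            "source": m.group("source"),
            "event_id": int(m.group("id")),
            "message": m.group("msg"),
        })
    return events


def service_termination_bursts(events, window_seconds=2, min_count=3):
    """Group SCM 7034/7031 (unexpected termination) events that fall within
    window_seconds of each other. Assumption used here: many services dying in
    the same second is one abrupt shutdown or tool-initiated reboot, not a set
    of independent crashes, so treat the burst as a single event when deciding
    what is actually broken on the box."""
    terms = sorted((e for e in events if e["event_id"] in (7034, 7031)),
                   key=lambda e: e["time"])
    bursts, current = [], []
    for e in terms:
        if current and (e["time"] - current[-1]["time"]).total_seconds() > window_seconds:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    result = []
    for b in bursts:
        names = []
        for e in b:
            m = TERMINATED_RE.search(e["message"])
            names.append(m.group(1) if m else e["message"])
        result.append((b[0]["time"], names))
    return result


def failed_drivers(events):
    """Count, per driver, how many boots logged SCM 7026 'failed to load' for it.
    A security filter driver that keeps failing (MpFilter is the Microsoft
    antimalware filter driver) deserves a look before calling the box clean."""
    counts = {}
    for e in events:
        if e["event_id"] != 7026:
            continue
        m = FAILED_LOAD_RE.search(e["message"])
        if m:
            for drv in m.group(1).split():
                counts[drv] = counts.get(drv, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def signature_update_failures(events):
    """(time, error code) for each Microsoft Antimalware 2001 signature-update failure."""
    out = []
    for e in events:
        if e["source"] == "Microsoft Antimalware" and e["event_id"] == 2001:
            m = ERROR_CODE_RE.search(e["message"])
            out.append((e["time"], m.group(1) if m else None))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for when, names in service_termination_bursts(evs):
        print(f"{when}: {len(names)} services terminated together: {', '.join(names)}")
    for drv, n in failed_drivers(evs):
        print(f"driver {drv} failed to load in {n} boot(s)")
    for when, code in signature_update_failures(evs):
        print(f"{when}: signature update failed, error {code}")
```

To use it on a real log, read attach.txt and pass its whole contents to parse_events; the regex only picks up lines in the event format, so the rest of the file is ignored. Lines of a different shape (the 7011 timeout, the DCOM 10005 and PlugPlayManager 11 entries) are parsed but simply not matched by the three helpers, which is deliberate: add a pattern per event ID you care about rather than trying to interpret every message.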

Thanks for the update, OK we can clean up...

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

We need to remove ESET Online Scanner (If installed).

  • Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
  • Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Delete the following from your Desktop:

RogueKiller, RK_Quarantine folder and any logs

SystemLook and any logs..

Next,

Download TFC to your desktop, from either of the following links

Link 1

Link 2

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK, if no issues let me know if OK to close the thread...

Thanks,

Kevin...


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.