
Things were going so well this morning... I'm not sure what has happened. I will try and re-evaluate my issues and post in PC Help as you suggest or just relegate this machine to paperweight status.

How do I attach this post into that forum?


I have left a message in my current PC Help topic to close it and will be returning to HJT Logs.

http://forums.malwarebytes.org/index.php?showtopic=121435

I think I have identified some new issues that have not been identified in this thread thus far:

When I started this thread I was unable to get HJT to run. I have since been able to run it and would like to request this report be reviewed (I realize that a pseudo is run in DDS).

I get the BSOD when trying to create a new user account.

I have reviewed the latest malware threats for diagnosis of my symptoms. I find some of the exploits to be familiar, especially in the following families: Bladabindi, Autorun and Bhoban. I have a lot of "helpers" and issues with what appears to be IP intrusion. I reset my wireless connection security and reloaded my USB driver from disk, because my USB kept switching away from Windows control. I did this because a security report (Sec Config Mgr) I ran (it says it fixed) made me believe I had been compromised. I am unsure this is completely resolved as I cannot get back into the console to run it, but I intend to keep trying. I have an unknown file in my Winsock files. I have reset it but am still seeing entries that conflict with what KB811259 says it should read. I understand this could also be a compromise in my IP. I have blindly disabled the "non-essential" helpers from running in start-up with no apparent issues so far. I will manually check for their updates at this point.

MSE keeps giving me the message that I have not updated my virus protection in two days, when in fact I update all my Anti-Mals daily due to the current malware threat level (I understand how busy you might be). I have continual Windows Security Alert warnings.

I am unable to send troubleshooting reports to MS, but this could be due to the Fix-it BETA and I realize this might be an MS issue; I do not wish to open multiple threads if I can help it. I am trying to diagnose this through my local and group settings. Could this be malware blocking the communication?

My Desktop Icon tray needs to be reset constantly. Not sure why.

I would like your opinion on disabling Java 7, my add/delete shows release 10, my files show release 11 is installed. I might also have problems with Adobe and I am watching various threads for continued alerts on these two.

My monitor issues are changing somewhat: I can now use MBAM without obstruction and I am OK now when using search engines for anti-mal sites. Getting in to open MSE to run scans and into anti-viral websites continues to be a big problem. I cannot afford paid Anti-Mal, and am considering reloading either free AVG or Comodo (I kick myself for uninstalling them during the threat crisis). By the way, I was not running them concurrently. I am trying to uninstall some of their residuals... carefully! What is your opinion on this, if you can?

The frustration in my previous post (paperweight) came about when I thought I was on the right path to recovery then my computer started to go haywire with so many issues I didn't understand or could keep up with. I just did a restore and shut it down. I now see that many threats were being updated during this time. This raises my suspicions once more.

If you would continue assisting me, or pass me on to others to assist, I would be extremely grateful.


Howdy preconmanager. :)

Getting in to open MSE to run scans and into anti-viral websites continues to be a big problem. I cannot afford paid Anti-Mal, and am considering reloading either free AVG or Comodo (I kick myself for uninstalling them during the threat crisis). By the way, I was not running them concurrently. I am trying to uninstall some of their residuals... carefully! What is your opinion on this, if you can?

Leave it for the time being. If you do indeed have malware then you might run into issues. We can deal with this later.

I am unable to send troubleshooting reports to MS, but this could be due to the Fix-it BETA and I realize this might be an MS issue; I do not wish to open multiple threads if I can help it. I am trying to diagnose this through my local and group settings. Could this be malware blocking the communication?

Hard to say. It could be. Maybe it is just part of the many issues you have on your computer atm.

Let's start with OTL. Please post a fresh log from OTL.


I appreciate you returning and helping out.

OTL logfile created on: 1/23/2013 9:48:00 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 509.04 Mb Available Physical Memory | 53.11% Memory free

2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.83% Paging File free

Paging file location(s): C:\pagefile.sys 1437 1437 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 177.81 Gb Total Space | 149.85 Gb Free Space | 84.28% Space Free | Partition Type: NTFS

Drive D: | 8.49 Gb Total Space | 0.40 Gb Free Space | 4.74% Space Free | Partition Type: FAT32

Drive K: | 7.28 Gb Total Space | 6.54 Gb Free Space | 89.86% Space Free | Partition Type: NTFS

Computer Name: CORNHSKRS1 | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 21:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2012/12/31 21:21:46 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe

PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/09 01:17:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll

MOD - [2013/01/09 01:17:25 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013/01/09 01:17:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2013/01/09 01:15:18 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2013/01/09 01:15:17 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2013/01/09 01:15:12 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2013/01/09 01:15:00 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

MOD - [2010/07/09 16:38:00 | 000,286,720 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll

MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll

MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2005/08/02 23:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/01/19 23:09:01 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/18 17:59:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/31 21:21:46 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/09/23 06:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)

SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2008/04/13 16:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2008/04/13 16:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MFWCtwl.sys -- (SamsungMonitorFirmware)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)

DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/06/22 03:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008/12/04 05:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)

DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2005/12/12 15:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/11/21 16:27:15 | 000,021,120 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{085326CB-51A3560A-05010003})

DRV - [2005/07/29 16:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/07/29 16:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/06/29 16:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)

DRV - [2005/03/09 12:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/08/09 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2004/08/09 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2004/08/03 13:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

DRV - [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {580E20EE-5EC3-480C-8BB1-8065078D64D7}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{580E20EE-5EC3-480C-8BB1-8065078D64D7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{11DBEFBC-BDD6-450B-836B-726914EE0A20}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8W&apn_dtid=YYYYYYT2US&apn_uid=7180f432-45bd-4b15-8dc2-2f441849a123&apn_sauid=FC0FEDBC-D4B3-4DC5-B80B-29957050ED6A

IE - HKCU\..\SearchScopes\{580E20EE-5EC3-480C-8BB1-8065078D64D7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enUS516

IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8ED78D72-5185-4E7A-BA8A-14F96E679640}&mid=dd84e028671247d19312d15e77eb6dc2-77ed74525ca4a002ea35700d50ae21a03af7db95&lang=en&ds=AVG&pr=pr&d=2012-12-09 14:18:08&v=13.3.0.17&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll File not found

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 18:00:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/21 13:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2012/12/12 21:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nwhnc90v.default\extensions

[2013/01/18 17:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/01/18 18:00:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/12/30 11:31:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/12/30 11:31:09 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://us.yahoo.com?fr=fpc-comodo

CHR - homepage: http://us.yahoo.com?fr=fpc-comodo

O1 HOSTS File: ([2013/01/18 23:42:57 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340928547156 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab (GMNRev Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (LogData Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E518782A-6667-464A-9A06-0CE54C8FA163}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70B6B08-5B6D-4E73-A19F-A0A751D2F05B}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\viprotocol - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/09 16:17:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)


CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 15:06:49 | 000,642,432 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys

[2013/01/22 15:06:46 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll

[2013/01/22 15:06:46 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll

[2013/01/22 15:06:46 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2013/01/22 15:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard

[2013/01/22 15:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR

[2013/01/22 15:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield

[2013/01/21 10:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\AppVerifierLogs

[2013/01/21 10:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Application Verifier

[2013/01/21 10:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier

[2013/01/20 23:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem

[2013/01/20 22:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent

[2013/01/19 17:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Uninstaller Tool(Comodo Forums)

[2013/01/19 01:02:27 | 000,141,640 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5DCF3DE2.sys

[2013/01/18 23:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2013/01/18 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2013/01/18 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information

[2013/01/18 23:34:09 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe

[2013/01/18 23:11:51 | 000,000,000 | ---D | C] -- C:\RegBackup

[2013/01/18 21:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware

[2013/01/18 20:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2013/01/18 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility

[2013/01/18 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/18 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone

[2013/01/17 13:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\VSRevoGroup

[2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Revo Uninstaller

[2013/01/17 10:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\ACW

[2013/01/17 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis

[2013/01/17 08:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/17 08:32:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/01/16 07:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

[2013/01/15 15:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search

[2013/01/15 14:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search

[2013/01/15 14:35:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll

[2013/01/15 14:35:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll

[2013/01/15 14:35:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll

[2013/01/15 00:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/01/14 11:29:04 | 000,000,000 | ---D | C] -- C:\Samsung

[2013/01/13 22:44:48 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll

[2013/01/13 22:05:54 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2013/01/13 22:04:59 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs

[2013/01/12 08:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2013/01/11 14:54:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/01/11 14:54:15 | 000,000,000 | ---D | C] -- C:\tdsskiller

[2013/01/11 14:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine

[2013/01/10 21:20:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/01/10 13:30:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/01/10 13:30:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/01/10 13:30:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/01/10 13:30:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/01/10 13:29:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/10 13:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/01/10 13:03:38 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/01/07 10:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FixItCenter

[2013/01/07 10:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS

[2013/01/06 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Boot.ini File Copy

[2013/01/06 11:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/06 00:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData

[2013/01/06 00:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling

[2013/01/06 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started

[2013/01/06 00:17:46 | 000,000,000 | ---D | C] -- C:\swsetup

[2013/01/05 17:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic

[2013/01/05 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\LUA Protocol

[2013/01/05 14:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads

[2013/01/04 18:46:01 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\FixitCenter_Run.exe

[2013/01/04 18:39:35 | 000,000,000 | ---D | C] -- C:\MATS

[2013/01/04 09:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/01/04 09:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/03 10:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2013/01/03 10:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2013/01/03 10:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WinUpdates

[2013/01/02 20:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\A&ADemo

[2013/01/02 20:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Atari

[2013/01/02 20:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atari

[2013/01/02 10:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\GeekBuddyRSP

[2013/01/01 21:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer

[2012/12/31 23:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun

[2012/12/31 21:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/12/31 21:22:30 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012/12/31 21:22:30 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/12/31 21:22:30 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/12/31 21:22:19 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/12/31 21:22:19 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/12/31 21:22:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/12/31 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2012/12/30 11:46:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Favorites

[2012/12/29 18:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO

[2012/12/29 18:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP

[2012/12/29 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\COMODO

[2012/12/29 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo

[2012/12/29 18:01:07 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine

[2012/12/27 19:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage

[2012/12/27 19:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP

[2012/12/27 15:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes

[2012/12/27 14:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\SecurityScans

[2012/12/27 14:04:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/12/27 09:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Security

[2012/12/25 18:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2011/11/25 12:52:11 | 068,771,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe

[2011/04/29 20:21:39 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe

[2011/04/14 07:24:16 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe

[2011/04/04 11:25:21 | 287,796,859 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\aa_demo_setup.exe

========== Files - Modified Within 30 Days ==========

[2013/01/23 21:44:29 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk

[2013/01/23 21:30:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/01/23 21:30:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job

[2013/01/23 21:21:02 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job

[2013/01/23 21:20:59 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013/01/23 21:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/23 21:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/23 00:07:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/22 21:04:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/01/22 20:52:24 | 000,009,298 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2013/01/22 15:11:29 | 000,588,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/22 15:11:29 | 000,119,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/22 15:07:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2013/01/22 15:06:45 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk

[2013/01/22 15:06:45 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk

[2013/01/21 12:37:57 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to dds.com.pif

[2013/01/21 10:34:19 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Application Verifier.lnk

[2013/01/21 00:10:13 | 000,001,125 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/01/21 00:10:13 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/20 23:19:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2013/01/20 23:19:45 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Security Essentials.lnk

[2013/01/20 22:30:23 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\pcdhdm.cpl

[2013/01/19 23:09:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/01/19 23:09:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/01/19 16:48:22 | 000,004,819 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/01/19 16:44:48 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2013/01/19 16:44:47 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/01/19 16:44:40 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/19 16:44:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2013/01/19 16:39:02 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/01/19 15:26:03 | 000,001,282 | RHS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.pol

[2013/01/19 01:02:28 | 000,141,640 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5DCF3DE2.sys

[2013/01/18 23:49:16 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2013/01/18 23:42:57 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/01/18 23:42:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2013/01/18 23:42:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2013/01/18 21:05:50 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk

[2013/01/18 20:56:22 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/01/18 20:56:22 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/01/18 20:53:41 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to LSDiagnosticUtility.exe.lnk

[2013/01/17 13:29:47 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2013/01/17 12:04:01 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk

[2013/01/16 06:41:09 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.lnk

[2013/01/15 14:37:29 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2013/01/11 16:34:58 | 151,469,960 | ---- | M] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe

[2013/01/10 21:50:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_188

[2013/01/10 21:20:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini

[2013/01/10 13:20:46 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Excel 2003.lnk

[2013/01/08 07:32:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk

[2013/01/07 10:32:23 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk

[2013/01/06 19:44:12 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb

[2013/01/06 11:04:57 | 000,011,892 | ---- | M] () -- C:\WINDOWS\CUAppUsage.Dat

[2013/01/05 21:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/01/05 15:51:11 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\LUA Protocol.lnk

[2013/01/04 18:46:01 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\FixitCenter_Run.exe

[2013/01/03 22:32:49 | 000,027,678 | ---- | M] () -- C:\Program Files\CisReport_v6.0.260739.2674_20130103-223244.zip

[2013/01/02 20:31:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Axis & Allies Demo.lnk

[2013/01/02 08:13:50 | 000,008,404 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-081346.zip

[2013/01/02 05:34:21 | 000,007,221 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-053412.zip

[2013/01/01 20:24:14 | 000,007,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130101-202403.zip

[2012/12/31 21:21:48 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/12/31 21:21:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012/12/31 21:21:46 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/12/31 21:21:46 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/12/31 21:21:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/12/31 21:21:46 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/12/31 21:21:46 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/12/31 19:32:23 | 000,000,004 | ---- | M] () -- C:\WINDOWS\CSCCompactState

[2012/12/31 18:26:24 | 000,000,280 | ---- | M] () -- C:\Boot.bak

[2012/12/31 14:05:00 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Solitaire.lnk

[2012/12/30 12:44:10 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2012/12/28 15:49:52 | 000,005,956 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/12/27 13:15:43 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Hearts.lnk

[2012/12/26 12:32:00 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2013/01/23 21:44:29 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk

[2013/01/22 20:25:20 | 000,009,298 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2013/01/22 15:06:46 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2013/01/22 15:06:45 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk

[2013/01/22 15:06:45 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk

[2013/01/21 12:37:57 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to dds.com.pif

[2013/01/21 10:34:19 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Application Verifier.lnk

[2013/01/21 00:10:13 | 000,001,125 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/01/20 23:23:05 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Security Essentials.lnk

[2013/01/20 23:19:45 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/01/20 15:21:41 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/01/19 16:44:48 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2013/01/19 16:44:47 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/01/19 16:44:02 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2013/01/19 16:44:02 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk

[2013/01/18 21:05:50 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk

[2013/01/18 20:56:22 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/01/18 20:56:22 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2013/01/18 20:56:22 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/01/18 20:53:41 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to LSDiagnosticUtility.exe.lnk

[2013/01/18 17:02:05 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2013/01/17 12:04:01 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk

[2013/01/17 08:32:34 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/16 06:41:09 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.lnk

[2013/01/15 14:37:29 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk

[2013/01/15 14:37:29 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2013/01/13 21:58:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/11 16:28:50 | 151,469,960 | ---- | C] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe

[2013/01/10 13:30:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/01/10 13:30:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/01/10 13:30:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/01/10 13:30:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/01/10 13:30:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/01/07 10:36:06 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job

[2013/01/07 10:36:04 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job

[2013/01/07 10:32:23 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk

[2013/01/07 10:32:23 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk

[2013/01/06 19:44:11 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb

[2013/01/06 06:34:14 | 000,043,609 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb

[2013/01/05 15:47:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\LUA Protocol.lnk

[2013/01/03 22:32:47 | 000,027,678 | ---- | C] () -- C:\Program Files\CisReport_v6.0.260739.2674_20130103-223244.zip

[2013/01/02 20:31:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Axis & Allies Demo.lnk

[2013/01/02 08:13:49 | 000,008,404 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-081346.zip

[2013/01/02 05:34:20 | 000,007,221 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-053412.zip

[2013/01/01 20:24:13 | 000,007,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130101-202403.zip

[2013/01/01 19:59:44 | 000,011,892 | ---- | C] () -- C:\WINDOWS\CUAppUsage.Dat

[2012/12/31 19:27:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\CSCCompactState

[2012/12/30 11:48:23 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/30 11:48:23 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk

[2012/12/28 15:49:52 | 000,005,956 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/12/09 20:12:42 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config

[2012/12/09 10:12:29 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2012/12/06 16:39:33 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/12/06 16:39:33 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/12/06 16:39:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/12/06 16:38:32 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012/02/15 16:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/26 19:46:24 | 000,000,448 | ---- | C] () -- C:\Program Files\0126201219462482.bat

[2012/01/06 17:22:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF645.ini

[2011/11/25 19:49:45 | 000,000,458 | ---- | C] () -- C:\Program Files\1125201119494514.bat

[2011/11/25 13:33:00 | 000,042,836 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/05/17 09:29:13 | 000,001,282 | RHS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.pol

[2011/05/15 19:10:29 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2011/05/15 19:10:29 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2011/05/15 19:10:28 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2011/05/15 19:10:28 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2011/05/15 19:10:28 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2011/05/15 19:10:28 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini

[2011/04/16 13:59:30 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/04/16 13:59:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2011/04/16 13:58:13 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2009/05/23 15:06:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/23 14:55:22 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/30 19:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/03/09 16:17:46 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT

[2012/12/31 18:26:24 | 000,000,280 | ---- | M] () -- C:\Boot.bak

[2013/01/10 21:20:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini

[2004/08/09 13:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2013/01/10 21:54:34 | 000,024,858 | ---- | M] () -- C:\ComboFix.txt

[2005/08/30 20:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2013/01/04 18:46:01 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\FixitCenter_Run.exe

[2012/01/07 20:53:06 | 069,744,132 | ---- | M] () -- C:\hpWebHelper.log

[2005/08/30 20:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005/08/30 20:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/09 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011/04/04 15:52:22 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2013/01/23 21:20:17 | 1506,803,712 | -HS- | M] () -- C:\pagefile.sys

[2013/01/23 00:01:26 | 000,006,792 | ---- | M] () -- C:\resetlog.txt

[2013/01/11 16:34:58 | 151,469,960 | ---- | M] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe

[2013/01/19 11:27:39 | 000,066,282 | ---- | M] () -- C:\SIGNED.TXT

[2013/01/19 11:27:39 | 000,092,506 | ---- | M] () -- C:\SIGVERIF.TXT

[2004/06/11 15:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

[2013/01/06 21:31:56 | 000,093,816 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.01.2013_21.31.19_log.txt

[2013/01/11 14:55:53 | 000,003,768 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_11.01.2013_14.55.21_log.txt

[2013/01/11 15:40:03 | 000,356,756 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_11.01.2013_15.00.58_log.txt

[2013/01/19 11:27:39 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT

[2013/01/19 11:27:39 | 000,025,560 | ---- | M] () -- C:\UNSCANNED.TXT

[2013/01/19 11:27:34 | 000,002,124 | ---- | M] () -- C:\UNSIGNED.TXT

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\volsnap.sys:SummaryInformation

< End of report >


Hello preconmanager,

Glad to be of help. Hopefully we can solve this issue.

There is always the option of reformatting, if you want to take the quick way out?

In the interim:

Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time.

C:\WINDOWS\armcex.dll

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.


SHA256: 244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708
SHA1: 881df4df08eeba9390ff6ffeff6a49aea73045bd
MD5: 21850af423e983904cd63d43a560387d
File size: 49.0 KB ( 50176 bytes )
File name: ARMCEX.DLL
File type: Win32 DLL
Detection ratio: 0 / 46
Analysis date: 2013-01-24 07:05:21 UTC ( 0 minutes ago )

Reputation: 0 (scale -100 to 100); harmless votes: 0; malicious votes: 0

<ul class="nav nav-tabs" id="tabs" style="float: none; display: block;">

<li class="active"><a data-toggle="tab" href="https://www.virustotal.com/file/244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708/analysis/1359011121/#analysis">Analysis</a></li>

<li><a data-toggle="tab" href="https://www.virustotal.com/file/244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708/analysis/1359011121/#comments">Comments</a></li>

<li><a data-toggle="tab" href="https://www.virustotal.com/file/244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708/analysis/1359011121/#votes">Votes</a></li>

<li><a data-toggle="tab" href="https://www.virustotal.com/file/244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708/analysis/1359011121/#additional-info">Additional information</a></li>

</ul>

<table class="table table-bordered table-striped" id="antivirus-results">

<thead>

<tr>

<th class="header headerSortDown">

Antivirus</th>

<th class="header" id="results-header" style="cursor:pointer;">

Result</th>

<th class="header">

Update</th>

</tr>

</thead>

<tbody>

<tr>

<td>

Agnitum</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

AhnLab-V3</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

AntiVir</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Antiy-AVL</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

Avast</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

AVG</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

BitDefender</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

ByteHero</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

CAT-QuickHeal</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

ClamAV</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Commtouch</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Comodo</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

DrWeb</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Emsisoft</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

eSafe</td>

<td>

-</td>

<td>

20130120</td>

</tr>

<tr>

<td>

ESET-NOD32</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

F-Prot</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

F-Secure</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Fortinet</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

GData</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Ikarus</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Jiangmin</td>

<td>

-</td>

<td>

20121221</td>

</tr>

<tr>

<td>

K7AntiVirus</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

Kaspersky</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Kingsoft</td>

<td>

-</td>

<td>

20130121</td>

</tr>

<tr>

<td>

Malwarebytes</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

McAfee</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

McAfee-GW-Edition</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Microsoft</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

MicroWorld-eScan</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

NANO-Antivirus</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Norman</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

nProtect</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Panda</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

PCTools</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Rising</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Sophos</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

SUPERAntiSpyware</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

Symantec</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

TheHacker</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

TotalDefense</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

TrendMicro</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

TrendMicro-HouseCall</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

VBA32</td>

<td>

-</td>

<td>

20130123</td>

</tr>

<tr>

<td>

VIPRE</td>

<td>

-</td>

<td>

20130124</td>

</tr>

<tr>

<td>

ViRobot</td>

<td>

-</td>

<td>

20130124</td>

</tr>

</tbody>

</table>

<p> </p>


Evening preconmanager,

OK.

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start-up wizard window that opens, select 'Kaspersky Rescue Disk. Graphic Mode'.

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


I re-ran the disk but did not run the scan. In the menu before the scan, there is an update key which says "Database Status Out of Date" as of 1/19/13.

Upon pressing the update button I got a malfunction notice that the "update source could not be found".

I poked around and found the following notification: "Start Objects Scan - completed 15730 days ago." This was on a page showing the date of 1/25/13.

The internet connection was disconnected (lower right icon tray). I opened and found a notification menu and it said "unknown host www....(I've hidden)....com.".

This program could not connect to the Internet for an update.

I tried to record what I found with a screen shot, but could find no way to save it; I also tried to capture the page link, with no luck.

I could not find my file in the program cabinet, so the program didn't complete the copy to my C: files.

A side note: When running this program I did experience some screen distortion (1 inch black screen obstruction horizontally one side to the other) at times.


At conclusion of the scan, I was not prompted or did I see any popup regarding found objects.

I have files in C: now that I do not believe were on the original disk. I did not open because I do not recognize the file type:

There is a "report" subfile with the following tree below. They are all small (up to 11KB).

00-DAT Files.

0A-DAT Files

01 through 09 Files with typical entries

Detected.idx

Detected.rpt

3 more DAT Files

report.rpt

There is a scanobject file under the main without a file type.

The qb subfile is showing no files.

Would you like me to "attach" these?


No need preconmanager, but thank you.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 16-01-2013

Ran by HP_Administrator (administrator) on 25-01-2013 at 22:06:31

Running from "K:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys

[2004-08-09 20:00] - [2004-08-09 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Bridge(9) BridgeMP(8) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(3) Tcpip6(10)

0x0D000000040000000100000002000000030000000A0000000D0000000E00000005000000060000000700000008000000090000000B000000

IpSec Tag value is correct.

**** End of log ****

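The "File Check" section of the FSS log above is the part that tells you whether core networking and service binaries still match Microsoft's known-good hashes: a line ending in "=> MD5 is legit" means the computed MD5 matched a reference value, while an entry that is followed by a bare metadata line (timestamps, size, attributes, company, MD5), as sr.sys is here, means the tool had no reference hash to compare against and the file still needs a manual look. As an added example, not part of this thread nor of Farbar's tool, the script below parses that block (using the page's own lines as a constructed sample) and implements the same three-way verdict against a caller-supplied allowlist; the `known_good` dictionary and the `verify_file` helper are my own names and assumptions, not FSS's.

```python
import hashlib
import re

# Constructed sample: the first lines of the FSS "File Check" section above.
# Most entries carry a verdict; the sr.sys entry only has a metadata line,
# which is what FSS prints when it has no reference hash to compare against.
FSS_FILE_CHECK = """\
C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\afd.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\sr.sys
[2004-08-09 20:00] - [2004-08-09 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\\WINDOWS\\system32\\wscsvc.dll => MD5 is legit
"""

# "<path> => <verdict>" lines
VERDICT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
# "[created] - [modified] - size attrs (company) MD5" metadata lines
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_file_check(text):
    """Turn the File Check block into a list of records.

    Each record has a path, a verdict (None when FSS printed metadata
    instead of a verdict) and, for metadata entries, size/company/md5."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = VERDICT_RE.match(line)
        if m:
            records.append({"path": m.group("path"), "verdict": m.group("verdict"), "md5": None})
            continue
        m = META_RE.match(line)
        if m and records and records[-1]["verdict"] is None:
            # the metadata line belongs to the bare path printed just before it
            records[-1].update(size=int(m.group("size")), company=m.group("company"),
                               md5=m.group("md5").upper())
            continue
        # a bare path: FSS had no reference hash, details follow on the next line
        records.append({"path": line, "verdict": None, "md5": None})
    return records


def summarize(records):
    """Count verified files and list those that still need a manual check."""
    legit = sum(1 for r in records if r["verdict"] == "MD5 is legit")
    unverified = [r["path"] for r in records if r["verdict"] != "MD5 is legit"]
    return legit, unverified


def md5_of_bytes(data):
    """Upper-case hex MD5, the form FSS prints."""
    return hashlib.md5(data).hexdigest().upper()


def classify(actual_md5, reference_md5):
    """The same three outcomes the log expresses: match, mismatch, or no reference."""
    if reference_md5 is None:
        return "no reference hash"
    if actual_md5.upper() == reference_md5.upper():
        return "MD5 is legit"
    return "MD5 mismatch"


def verify_file(path, known_good):
    """Hash a file on disk and compare it against a {lower-case path: md5}
    allowlist supplied by the caller (assumption: FSS ships its own table)."""
    with open(path, "rb") as f:
        actual = md5_of_bytes(f.read())
    return classify(actual, known_good.get(path.lower()))


if __name__ == "__main__":
    recs = parse_file_check(FSS_FILE_CHECK)
    legit, unverified = summarize(recs)
    print(f"{legit} file(s) matched a reference hash")
    for path in unverified:
        print(f"needs manual review: {path}")
```

The point of `summarize` is the triage step a helper performs by eye: every path without a "legit" verdict is pulled out for a second look (compare its printed MD5 and company name against a known-good copy of the same Windows build) rather than silently passing.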

Good evening preconmanager,

OK that log didn't find anything amiss.

Please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 13-01-26.02 - HP_Administrator 01/26/2013 8:58.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.464 [GMT -8:00]

Running from: c:\documents and settings\HP_Administrator\My Documents\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\HP_Administrator\Templates\Folder Options.lnk

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))

.

.

2013-01-26 10:35 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\mpengine.dll

2013-01-25 10:03 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-24 22:45 . 2013-01-25 00:02 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-01-23 18:29 . 2013-01-25 05:53 -------- d-----w- c:\documents and settings\Amanda1998

2013-01-23 07:47 . 2013-01-23 07:47 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-22 23:06 . 2009-11-06 16:26 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys

2013-01-22 23:06 . 2010-02-03 19:21 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2013-01-22 23:06 . 2013-01-22 23:06 -------- d-----w- c:\program files\NETGEAR

2013-01-22 23:05 . 2013-01-22 23:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield

2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\documents and settings\HP_Administrator\AppVerifierLogs

2013-01-21 18:32 . 2013-01-21 18:32 -------- d-----w- c:\program files\Application Verifier

2013-01-21 07:35 . 2013-01-21 07:35 -------- d-----w- c:\program files\LSI SoftModem

2013-01-21 06:09 . 2013-01-21 06:09 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\PCHealth

2013-01-20 01:37 . 2013-01-20 01:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uninstaller Tool(Comodo Forums)

2013-01-19 09:02 . 2013-01-19 09:02 141640 ----a-w- c:\windows\system32\drivers\5DCF3DE2.sys

2013-01-19 07:45 . 2013-01-26 07:13 -------- d-----w- c:\windows\system32\CatRoot2

2013-01-19 07:34 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe

2013-01-19 07:11 . 2013-01-19 07:11 -------- d-----w- C:\RegBackup

2013-01-19 05:25 . 2013-01-19 05:25 -------- d-----w- c:\windows\Microsoft Antimalware

2013-01-19 04:54 . 2013-01-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2013-01-19 04:45 . 2013-01-19 04:45 -------- d-----w- c:\program files\LightScribe Diagnostic Utility

2013-01-17 21:05 . 2013-01-17 21:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\VSRevoGroup

2013-01-17 20:04 . 2013-01-17 20:04 -------- d-----w- c:\program files\VS Revo Group

2013-01-17 18:56 . 2013-01-17 18:56 -------- d-----w- c:\program files\ACW

2013-01-17 16:32 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-16 15:02 . 2013-01-21 06:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

2013-01-15 23:09 . 2013-01-15 23:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Windows Search

2013-01-15 22:37 . 2013-01-15 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search

2013-01-15 22:35 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2013-01-15 22:35 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2013-01-15 22:35 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2013-01-15 08:25 . 2013-01-26 16:51 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-01-15 08:25 . 2013-01-15 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2013-01-14 19:29 . 2013-01-14 19:29 -------- d-----w- C:\Samsung

2013-01-14 06:44 . 2001-08-17 22:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2013-01-14 06:05 . 2013-01-19 07:49 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-01-14 06:04 . 2013-01-19 07:49 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2013-01-12 16:59 . 2013-01-12 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2013-01-12 00:28 . 2013-01-12 00:34 151469960 ----a-w- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe

2013-01-11 22:54 . 2013-01-11 22:54 -------- d-----w- C:\tdsskiller

2013-01-10 21:03 . 2013-01-10 21:03 -------- d-----w- C:\_OTL

2013-01-08 17:07 . 2013-01-08 17:07 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple

2013-01-07 18:42 . 2013-01-07 18:42 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\FixItCenter

2013-01-07 18:32 . 2013-01-07 18:32 -------- d-----w- c:\windows\MATS

2013-01-06 19:09 . 2013-01-21 07:19 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-06 08:21 . 2013-01-06 08:21 -------- d-----w- C:\ProgramData

2013-01-06 08:18 . 2013-01-06 08:18 -------- d---a-w- c:\program files\Common Files\LS Getting Started

2013-01-06 08:17 . 2013-01-19 04:04 -------- d---a-w- C:\swsetup

2013-01-06 01:37 . 2013-01-06 01:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic

2013-01-05 02:46 . 2013-01-05 02:46 450352 ----a-w- C:\FixitCenter_Run.exe

2013-01-05 02:39 . 2013-01-20 22:07 -------- d-----w- C:\MATS

2013-01-04 17:58 . 2013-01-04 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-01-04 17:58 . 2013-01-21 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-03 18:55 . 2013-01-03 18:55 -------- d-----w- c:\windows\system32\winrm

2013-01-03 18:54 . 2013-01-03 18:55 -------- dc----w- c:\windows\$968930Uinstall_KB968930$

2013-01-03 18:54 . 2013-01-03 19:00 -------- d-----w- c:\documents and settings\HP_Administrator\WinUpdates

2013-01-03 04:30 . 2013-01-03 04:30 -------- d-----w- c:\program files\Atari

2013-01-03 04:29 . 2013-01-03 04:29 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2013-01-03 04:29 . 2013-01-03 04:29 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2013-01-03 01:13 . 2013-01-03 01:13 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\isp2A.tmp\Setup.dll

2013-01-03 01:13 . 2013-01-03 01:13 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\isp2D.tmp\IGdi.dll

2013-01-03 01:13 . 2003-02-28 00:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2013-01-03 01:13 . 2002-12-05 22:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2013-01-03 01:13 . 2002-12-02 23:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2013-01-03 01:13 . 2002-12-02 21:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2013-01-03 01:13 . 2002-12-02 21:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2013-01-02 19:13 . 2013-01-02 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2013-01-02 19:12 . 2013-01-02 19:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2013-01-02 19:12 . 2013-01-02 19:12 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Box Sync

2013-01-02 18:58 . 2013-01-02 18:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\GeekBuddyRSP

2013-01-02 05:45 . 2013-01-02 05:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2013-01-01 07:20 . 2013-01-01 07:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sun

2013-01-01 05:22 . 2013-01-01 05:22 -------- d-----w- c:\program files\Common Files\Java

2013-01-01 05:22 . 2013-01-01 05:21 859072 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-01 05:22 . 2013-01-01 05:21 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-01-01 05:22 . 2013-01-01 05:21 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-01 05:19 . 2013-01-01 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-12-30 02:16 . 2013-01-02 19:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO

2012-12-30 02:16 . 2012-12-30 02:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\GeekBuddyRSP

2012-12-30 02:16 . 2013-01-20 01:49 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\COMODO

2012-12-30 02:16 . 2013-01-17 19:34 -------- d-----w- c:\program files\Comodo

2012-12-30 02:01 . 2013-01-04 02:52 -------- d-----w- C:\CCE_Quarantine

2012-12-28 03:39 . 2012-12-28 03:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage

2012-12-28 03:39 . 2012-12-28 03:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\HP

2012-12-27 23:53 . 2012-12-27 23:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2012-12-27 22:28 . 2012-12-27 22:28 -------- d-----w- c:\documents and settings\HP_Administrator\SecurityScans

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-21 06:30 . 2011-05-13 02:13 38400 ----a-w- c:\windows\system32\pcdhdm.cpl

2013-01-20 07:09 . 2012-05-08 02:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-20 07:09 . 2011-12-29 23:49 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-01 05:21 . 2011-12-08 00:52 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-16 12:23 . 2004-08-10 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2004-08-10 04:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2009-08-20 00:07 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2004-08-10 04:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec

2012-01-27 03:46 . 2012-01-27 03:46 448 ----a-w- c:\program files\0126201219462482.bat

2011-11-26 03:49 . 2011-11-26 03:49 458 ----a-w- c:\program files\1125201119494514.bat

2011-11-25 21:13 . 2011-11-25 20:52 68771184 ----a-w- c:\program files\iTunesSetup.exe

2011-04-30 04:22 . 2011-04-30 04:21 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe

2011-04-14 15:24 . 2011-04-14 15:24 38808920 ----a-w- c:\program files\FileFormatConverters.exe

2011-04-07 22:10 . 2011-04-04 19:25 287796859 ----a-w- c:\program files\aa_demo_setup.exe

2013-01-19 02:00 . 2013-01-19 01:59 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]

@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"

[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]

2009-11-06 05:17 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]

@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"

[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]

2009-11-06 05:17 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]

@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"

[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]

2009-11-06 05:17 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]

@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"

[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]

2009-11-06 05:17 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]

@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"

[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]

2009-11-06 05:17 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-9 27136]

.

c:\documents and settings\Amanda1998\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-9 27136]

.

c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-9 27136]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2013-1-22 4577760]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"5985:TCP"= 5985:TCP:Windows Remote Management

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 10:54 AM 116608]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 12:13 PM 38144]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/9/2004 8:00 PM 14336]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [1/22/2013 3:06 PM 642432]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]

S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]

S1 MpKsl0132abf7;MpKsl0132abf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys [?]

S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [?]

S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [1/22/2013 3:06 PM 285152]

S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 4:27 PM 21120]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]

S3 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys --> c:\windows\system32\drivers\MFWCtwl.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [5/23/2009 4:49 PM 627072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2012-07-02 23:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 07:09]

.

2013-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2013-01-26 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]

.

2013-01-26 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]

.

2013-01-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nwhnc90v.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-23437648.sys

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-26 09:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1696)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Box Sync\BoxIconOverlayHandler.dll

c:\program files\Box Sync\BoxUtils.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\msdtc.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Google\Update\GoogleUpdate.exe

c:\windows\system32\nvsvc32.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\windows\system32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\windows\system32\mqsvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2013-01-26 09:12:45 - machine was rebooted

ComboFix Qoobox-quarantined-files.txt 2013-01-26 16:34

ComboFix-quarantined-files.txt 2013-01-26 17:12

ComboFix2.txt 2013-01-11 05:54

.

Pre-Run: 160,234,500,096 bytes free

Post-Run: 160,248,852,480 bytes free

.

- - End Of File - - 50486FF10BA0DA944D8085147A1F2088

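The R*/S* block of the log above is the part a helper reads first, and the entries ending in `[?]` are the ones that need a second look, because ComboFix printed that instead of a date and size when it could not read the image file. The following script is an added example, not code from this thread and not part of ComboFix; it parses lines in the format shown above (my reading of ComboFix's notation, which is an assumption) and flags entries whose image file was unreadable, whose image lives outside the Windows or Program Files trees, or which are svchost-hosted so that the line does not show the code that actually runs. The sample lines are copied from the log above. A flag is a prompt to check, not a verdict: MSE's MpKsl* driver, for instance, is loaded from the definition-update folder by design.

```python
"""Triage the service/driver lines of a ComboFix log.

Added example for this thread, not ComboFix's own code. Line format as it
appears in the log above (an assumption about ComboFix's notation):
  <R|S><n> <name>;<display>;<image path> [<date> <time> <AM|PM> <size>]
  <R|S><n> <name>;<display>;\\??\\<path> --> <path> [?]    (file unreadable)
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"          # R = running, S = stopped
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<image>.+?)"                            # image path (may contain spaces)
    r"(?:\s+-->\s+(?P<resolved>.+?))?"           # '--> path' form for unreadable files
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"               # [date time size] or [?]
)

# Image locations that do not by themselves raise a question.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample input: six lines copied verbatim from the log above.
SAMPLE_LOG = [
    r"R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]",
    r"R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/9/2004 8:00 PM 14336]",
    r"S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]",
    r"S1 MpKsl0132abf7;MpKsl0132abf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys [?]",
    r"S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]",
    r"S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [5/23/2009 4:49 PM 627072]",
]


@dataclass
class ServiceEntry:
    state: str                 # "R" running or "S" stopped, as ComboFix prints it
    start: int                 # start-type digit from the log line
    name: str
    display: str
    image: str                 # lower-cased image path without the \??\ prefix
    size: Optional[int]        # file size from the log, None when unreadable
    missing: bool              # True when ComboFix printed [?]
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for lines in any other format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = (m.group("resolved") or m.group("image")).strip().lower()
    if image.startswith("\\??\\"):
        image = image[4:]
    meta = m.group("meta").strip()
    missing = meta == "?"
    size = None if missing else int(meta.split()[-1])
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), image, size, missing)


def triage(lines: Iterable[str]) -> List[ServiceEntry]:
    """Return the entries that deserve a closer look, each with its reasons."""
    flagged = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        if entry.missing:
            entry.reasons.append("image file unreadable or absent ([?]): stale entry, or file hidden from the scanner")
        if "svchost.exe -k" in entry.image:
            entry.reasons.append("svchost-hosted: the code that runs is the ServiceDll, which this line does not show")
        elif not entry.image.startswith(TRUSTED_PREFIXES):
            entry.reasons.append("image outside the Windows / Program Files trees")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:16} {e.image}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it against a full log by reading the file into a list and passing it to `triage`; lines that are not service entries are skipped. On the six sample lines it flags Iprip (svchost-hosted), avgtp and SjyPkt (unreadable image) and MpKsl0132abf7 (unreadable image in a non-standard location), and passes SASDIFSV and WUSB54GCv3.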

G'day preconmanager,

I think the following file is from Kaspersky but I would like to make sure:

Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis. You will only be able to have one file scanned at a time.

c:\windows\system32\drivers\5DCF3DE2.sys

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.

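The check the helper asks for above can be done by hash first: VirusTotal keeps a report for every file it has already analysed, so looking the SHA-256 up avoids uploading a file that may turn out to be a vendor's own driver, and the upload is only needed when the hash is unknown. The script below is an added example, not code from this thread or from VirusTotal; it hashes the file, confirms it is at least a PE image, and, if an API key is supplied, fetches the existing report with the public v3 `files/{hash}` endpoint. The `VT_API_KEY` environment variable name, the sample bytes and the choice of report fields to print are assumptions.

```python
"""Hash-first triage of a suspicious driver before uploading it anywhere.

Added example for this thread, not VirusTotal's or any vendor's code.
Offline parts (hashing, PE check) always run; the VirusTotal lookup only
runs when an API key is given. VT_API_KEY is an assumed variable name.
"""
import hashlib
import json
import os
import struct
import sys
import urllib.error
import urllib.request
from typing import Dict, Optional

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Constructed sample: the smallest byte string that passes is_pe_image
# (MZ header, e_lfanew at 0x3C pointing to a 'PE\0\0' signature at 0x40).
SAMPLE_PE = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of the file contents (VT accepts any of them)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_pe_image(data: bytes) -> bool:
    """True if the bytes carry an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def vt_lookup(sha256: str, api_key: str) -> Optional[dict]:
    """Fetch the existing VT report for a hash; None when VT has never seen it (404)."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize(report: dict) -> Dict[str, object]:
    """Reduce a v3 file report to the fields worth pasting into a thread."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    return {
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "undetected": stats.get("undetected", 0),
        # Authenticode signer as VT reports it, when the file is signed.
        "signers": attrs.get("signature_info", {}).get("signers"),
        "names": attrs.get("names", [])[:5],
    }


def triage_file(path: str, api_key: Optional[str] = None) -> dict:
    """Hash a file on disk, check the PE header, optionally query VT by hash."""
    with open(path, "rb") as fh:
        data = fh.read()
    result = {"path": path, "pe_image": is_pe_image(data), "virustotal": None}
    result.update(file_hashes(data))
    if api_key:
        report = vt_lookup(result["sha256"], api_key)
        result["virustotal"] = summarize(report) if report else "hash unknown to VirusTotal: upload the file"
    return result


if __name__ == "__main__":
    # Usage: python triage.py c:\windows\system32\drivers\5DCF3DE2.sys
    print(json.dumps(triage_file(sys.argv[1], os.environ.get("VT_API_KEY")), indent=2))
```

Without an API key the output is just the hashes and the PE check, which is enough to search the hash on the VirusTotal site by hand. A signer name in the report is the quickest way to settle the helper's question of which vendor the driver belongs to; an unsigned driver with a random-looking name is the case where the upload is worth doing.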