
Need help removing some viruses: Hijack.ControlPanelStyle, Trojan.WinLock, PUM.Hijack.StartMenu



Hello again malware forum!!

I discovered that my laptop has a few issues, while trying to fix a laptop for someone else (I have two threads on this forum going at once -- if that's not okay I'll wait until the other is resolved and apologize!). I have and regularly run COMODO Internet Security, but it didn't pick up on the threats MalWare's full system scan picked up:

  • Hijack.ControlPanelStyle
  • Trojan.WinLock
  • PUM.Hijack.StartMenu

(Same as what're in the topic title)

My laptop is rather old and I had to have Windows reinstalled a few years ago due to a virus at that time. In recent weeks I've had several blue screen incidents which are totally new for me and really an issue. (Any info on why that may have happened, especially if because of the viruses, would be greatly appreciated!)

Should I immediately change my passwords on another computer or stay off of the internet with this computer until this issue is resolved?

Anyway, thank you so much whoever looks at this!

Here are the two requested logs:

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2

Run by Owner at 20:18:10 on 2013-03-02

Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.3062.2147 [GMT -5:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AIM\aim.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: SFCDisable = dword:-99

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=lb-LU

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [EPSON Stylus C86 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: MaxRecentDocs = dword:18

mPolicies-Explorer: NoSMConfigurePrograms = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoRecentDocsNetHood = dword:1

mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\2uuarflz.default\

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npo1d.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-01-15 19:27; jid1-F9UJ2thwoAm5gQ@jetpack; c:\documents and settings\owner\application data\mozilla\firefox\profiles\2uuarflz.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi

FF - ExtSQL: 2013-01-16 18:23; donottrackplus@abine.com; c:\documents and settings\owner\application data\mozilla\firefox\profiles\2uuarflz.default\extensions\donottrackplus@abine.com

.

============= SERVICES / DRIVERS ===============

.

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-10-7 18056]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-10-7 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-10-7 31704]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-10-7 1983232]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-18 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-18 682344]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-18 21104]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

.

=============== File Associations ===============

.

ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"

ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"

.

=============== Created Last 30 ================

.

2013-02-27 03:27:38 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-19 03:22:20 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2013-02-19 03:21:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-02-19 03:21:54 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-19 03:21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-08 04:01:51 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-08 04:01:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-02-27 03:27:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-27 03:27:42 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-08 04:01:25 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-08 04:01:25 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:48:28 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:48:28 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:31:02 290560 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 20:19:04,04 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 26.08.2010 17:10:49

System Uptime: 02.03.2013 15:23:19 (5 hours ago)

.

Motherboard: Acer | | Columbia

Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1828/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 257,933 GiB free.

D: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/Wireless 3945ABG Network Connection

Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10008086&REV_02\4&29E2C51B&0&00E1

Manufacturer: Intel Corporation

Name: Intel® PRO/Wireless 3945ABG Network Connection

PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10008086&REV_02\4&29E2C51B&0&00E1

Service: NETw5x32

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Mass Storage Controller

Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_011F1025&REV_00\4&3B3A03B5&0&32F0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_011F1025&REV_00\4&3B3A03B5&0&32F0

Service:

.

==== System Restore Points ===================

.

RP1: 26.08.2010 17:13:06 - System Checkpoint

RP2: 26.08.2010 17:16:07 - Installed Windows KB954550-v5.

RP3: 26.08.2010 17:16:12 - Printer Driver Microsoft XPS Document Writer Installed

RP4: 26.08.2010 16:19:25 - Installed Java 6 Update 13

RP5: 26.08.2010 16:19:47 - Installed User Profile Hive Cleanup Service

RP6: 26.08.2010 16:19:55 - Installed Alt-Tab Task Switcher Powertoy for Windows XP

RP7: 26.08.2010 16:20:14 - Installed Microsoft AppLocale

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 2.0

AIM 7

Alt-Tab Task Switcher Powertoy for Windows XP

ASPCA Tri Reminder by We-Care.com v4.0.13.5

Camera Support Core Library

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon EOS Kiss_N REBEL_XT 350D WIA Driver

Canon iP2600 series

Canon iP2600 series User Registration

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities My Printer

Canon Utilities PhotoStitch 3.1

Canon Utilities Solution Menu

CCleaner

Comcast Desktop Software (v1.2.0.9)

COMODO Internet Security

Diskeeper Professional Premier Edition

Download Updater (AOL LLC)

Dream Aquarium

EPSON Printer Software

Foxit Reader

Google Chrome

Google Talk Plugin

HashCheck Shell Extension (x86-32)

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Java 7 Update 13

Java Auto Updater

Java 6 Update 30

K-Lite Mega Codec Pack 4.7.5

Malwarebytes Anti-Malware version 1.70.0.1100

MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 1.1 Service Pack 1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft AppLocale

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Application Compatibility Database

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Office Genuine Advantage Validation 2.0.48.0 Cracked V4

Open Command Prompt Shell Extension (x86-32)

PhotoStitch

PIXMA Extended Survey Program

QuickTime Alternative 2.8.0

RAW Image Task 2.0

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Click to Call

Skype™ 6.0

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmiiper

TurboTax 2010 wrapper

Unlocker 1.8.7

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Outlook 2007 Junk Email Filter (KB2522999)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

User Profile Hive Cleanup Service

Wacom Tablet Driver

WebFldrs XP

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows Search 4.0

.

==== Event Viewer Messages From Past Week ========

.

27.02.2013 22:00:34, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 a84d65c0, parameter3 a8144c84, parameter4 a8144980.

27.02.2013 20:37:22, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'NPSWF32_11_5_502_149.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

26.02.2013 09:57:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file '2554c0.rbf' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

24.02.2013 20:22:03, error: System Error [1003] - Error code 100000d1, parameter1 00000060, parameter2 00000002, parameter3 00000001, parameter4 85c8cfd5.

24.02.2013 20:20:32, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

24.02.2013 11:44:16, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'LastGood' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

.

==== End Of File ===========================

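The Pseudo HJT and Running Processes sections of the dds.txt above are what a helper reads first. As an added example, not part of this thread or of the DDS tool, the following Python script parses those two line formats and flags the entries a reviewer would want to verify by hand; the rules and category wording are this example's own assumptions, and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the dds.txt posted above (constructed subset for this example).
SAMPLE_HJT = r"""
mWinlogon: SFCDisable = dword:-99
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=lb-LU
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
AppInit_DLLs= c:\windows\system32\guard32.dll
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"""

# Three lines from the Running Processes section of the same log.
SAMPLE_PROCS = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"""


@dataclass
class Entry:
    kind: str   # DDS prefix: uRun, mRun, dRunOnce, mPolicies-Explorer, mWinlogon, AppInit_DLLs
    name: str   # bracketed autostart name, or the registry value name
    value: str  # command line, DLL path or dword value


@dataclass
class Finding:
    target: str
    reason: str


# "kind: [name] command"  (autostart entries)
_BRACKET = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*\[(?P<name>[^\]]+)\]\s*(?P<value>.*)$")
# "kind: name = value"    (policy / winlogon values)
_ASSIGN = re.compile(r"^(?P<kind>[A-Za-z0-9_-]+):\s*(?P<name>[^=\s]+)\s*=\s*(?P<value>.*)$")
# DDS prints AppInit_DLLs without the "kind:" prefix
_APPINIT = re.compile(r"^(?P<kind>AppInit_DLLs)\s*=\s*(?P<value>.*)$")

# Paths under a Temp directory; autostarts and processes there deserve a second look.
_TEMP_DIR = re.compile(r"(?i)[\\/]temp[\\/]")
# Explorer policies that take control away from the user (assumed list for this example;
# NoSMConfigurePrograms is the one present in the posted log).
_RESTRICTIVE_POLICIES = {"NoSMConfigurePrograms", "NoControlPanel", "NoFolderOptions", "NoRun"}


def parse_hjt(text: str) -> List[Entry]:
    """Turn the Pseudo HJT section into Entry records, skipping blank and '.' lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = _BRACKET.match(line) or _ASSIGN.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["value"].strip()))
            continue
        m = _APPINIT.match(line)
        if m:
            entries.append(Entry(m["kind"], m["kind"], m["value"].strip()))
    return entries


def triage_entries(entries: List[Entry]) -> List[Finding]:
    """Apply the review heuristics; every rule here is an assumption of this example."""
    findings: List[Finding] = []
    for e in entries:
        if e.kind == "mWinlogon" and e.name == "SFCDisable" and e.value != "dword:0":
            findings.append(Finding(e.name, "Windows File Protection value altered (SFCDisable is not 0)"))
        elif e.kind.endswith("Policies-Explorer") and e.name in _RESTRICTIVE_POLICIES:
            findings.append(Finding(e.name, "Explorer policy hides UI from the user (PUM-style change)"))
        elif e.kind == "AppInit_DLLs" and e.value:
            findings.append(Finding(e.value, "AppInit_DLLs loads this DLL into every process that uses user32.dll; verify its publisher"))
        elif e.kind.endswith(("Run", "RunOnce")) and _TEMP_DIR.search(e.value):
            findings.append(Finding(e.name, "autostart launches from a Temp directory"))
    return findings


def triage_processes(text: str) -> List[Finding]:
    """Flag running processes whose image lives in a Temp directory."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        path = raw.strip()
        if path and _TEMP_DIR.search(path):
            findings.append(Finding(path.rsplit("\\", 1)[-1], "process image lives in a Temp directory"))
    return findings


def triage(hjt_text: str, proc_text: str) -> List[Finding]:
    """Combined review list for the two DDS sections."""
    return triage_entries(parse_hjt(hjt_text)) + triage_processes(proc_text)


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_PROCS):
        print(f"{f.target:40} {f.reason}")
```

A hit on this list is a prompt to check the file's publisher and location, not a verdict; guard32.dll, for instance, belongs to the COMODO suite listed in the same log.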

Hello chicacompu.

A copy of the last MBAM scan log would be quite helpful.

After a review of that, plus some additional diagnostics we could determine the severity and impact.

For now, you can keep the system connected, but do not do any websurfing, nor shopping, nor online banking.

Only go to this forum and the sites I guide you to. Follow my guidance and do not do any fixes or changes, nor run other tools on your own.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 4

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

There will be lots more to do later. Meantime have patience and treat this system as if it were in quarantine / isolation.


Thank you Maurice! Here we go...

Rkill.txt

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/05/2013 07:43:37 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe (PID: 524) [sUP-HEUR]

* C:\WINDOWS\system32\Tablet.exe (PID: 1496) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.

Startup Type set to: Automatic

* mnmsrvc [Missing Service]

* wscsvc [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]

+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361 600 : 06/20/2008 00:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]

* C:\WINDOWS\System32\UxTheme.dll [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/05/2013 07:44:28 PM

Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)

RKreport

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 03/05/2013 19:49:21

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[Microsoft][HJNAME] notepad.exe -- C:\WINDOWS\system32\notepad.exe [7] -> KILLED [TermProc]

[sUSP PATH] 25.0.1364.152_25.0.1364.97_chrome_updater.exe -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\Install\{BF535812-1A88-419D-8B03-67D88AADAF89}\25.0.1364.152_25.0.1364.97_chrome_updater.exe [7] -> KILLED [TermProc]

[sUSP PATH] setup.exe -- C:\Documents and Settings\Owner\Local Settings\Temp\CR_DC282.tmp\setup.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS +++++

--- User ---

[MBR] df79f9b36fdb07d315213bd8623a3387

[bSP] dc473650ff59efc80121f128dd8df072 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03052013_02d1949.txt >>

RKreport[1]_S_03052013_02d1949.txt


Do as much as you can of the following.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Tell me if you can access Control Panel and Security Center.

There will be much more to do later.

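As an added example (not part of this thread, and not code from RogueKiller or its author), here is a small Python parser for the registry-entry lines of the RogueKiller reports quoted above. It reconciles a Scan-mode report against the following Remove-mode report so a helper can see at a glance which findings were REPLACED and with what data, which were left NOT SELECTED, and whether the entry count the tool declares matches what the report actually contains (a mismatch usually means a truncated paste). The two report excerpts embedded below are constructed from the format in this thread, keeping only the lines the parser reads; the function and class names are my own.

```python
"""Reconcile RogueKiller Scan and Remove reports (added example, not RogueKiller code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpts in the RogueKiller V8.5.2 report format seen in this thread.
SCAN_REPORT = r"""
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
Mode : Scan -- Date : 03/07/2013 22:11:26
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
"""

REMOVE_REPORT = r"""
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
Mode : Remove -- Date : 03/07/2013 22:12:39
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
"""

# One registry line: "[TAG] HIVE\[...]\Key : ValueName (data) -> STATUS [(newdata)]"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<hive>HK[A-Z]+)\\\[\.\.\.\]\\(?P<key>[^\s:]+)"
    r"\s*:\s*(?P<value>\S+)\s+\((?P<data>\d+)\)\s+->\s+"
    r"(?P<status>[A-Z ]+?)(?:\s+\((?P<new>\d+)\))?$"
)
COUNT_RE = re.compile(r"Registry Entries : (?P<n>\d+)")
MODE_RE = re.compile(r"^Mode : (?P<mode>\w+) --")


@dataclass(frozen=True)
class RegistryFinding:
    tag: str                 # RogueKiller category, e.g. "HJ SMENU"
    hive: str                # HKLM / HKCU
    key: str                 # last key component; the tool elides the full path as [...]
    value: str               # value name
    data: int                # data as found during the scan
    status: str              # FOUND / REPLACED / NOT SELECTED
    new_data: Optional[int]  # data written by a REPLACED action, else None

    @property
    def ident(self) -> str:
        return f"{self.hive}\\{self.key}\\{self.value}"


def parse_report(text: str) -> Tuple[Optional[str], List[RegistryFinding]]:
    """Return (mode, findings); raise if the declared entry count does not match."""
    mode, declared, findings = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            mode = m.group("mode")
            continue
        m = COUNT_RE.search(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            new = m.group("new")
            findings.append(RegistryFinding(
                m.group("tag"), m.group("hive"), m.group("key"), m.group("value"),
                int(m.group("data")), m.group("status"), int(new) if new else None))
    if declared is not None and declared != len(findings):
        raise ValueError(f"report declares {declared} registry entries, parsed {len(findings)}")
    return mode, findings


def remediation_summary(scan_text: str, remove_text: str) -> Dict[str, list]:
    """Match every Scan finding to its outcome in the Remove report."""
    _, found = parse_report(scan_text)
    _, acted = parse_report(remove_text)
    outcome = {f.ident: f for f in acted}
    summary: Dict[str, list] = {"remediated": [], "not_selected": [], "unaccounted": []}
    for f in found:
        r = outcome.get(f.ident)
        if r is None:                      # scan finding absent from the remove run
            summary["unaccounted"].append(f.ident)
        elif r.status == "REPLACED":       # tool rewrote the value: record old -> new
            summary["remediated"].append((f.ident, f.data, r.new_data))
        else:                              # left in place (NOT SELECTED): still pending
            summary["not_selected"].append(f.ident)
    return summary


if __name__ == "__main__":
    for kind, items in remediation_summary(SCAN_REPORT, REMOVE_REPORT).items():
        print(kind, *items, sep="\n  ")
```

Anything in the "not_selected" or "unaccounted" lists is what still needs a decision on the next pass; in this thread that is the single NewStartPanel GUID the poster deliberately left alone, which the helper can then either approve for deletion or confirm as benign.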

Prescan didn't pick up anything, but a scan did. There was an extra item that it found in the registry that you didn't list, so I chose not to delete it. I deleted:

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

RK posted several reports onto my desktop... RKreport (dated 3/5), RKreport[2] (3/7), and RKreport[3] (3/7). Here's RKREPORT[2].TXT:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 03/07/2013 22:11:26

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS +++++

--- User ---

[MBR] df79f9b36fdb07d315213bd8623a3387

[bSP] dc473650ff59efc80121f128dd8df072 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_03072013_02d2211.txt >>

RKreport[1]_S_03052013_02d1949.txt ; RKreport[2]_S_03072013_02d2211.txt

RKreport[3]:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Remove -- Date : 03/07/2013 22:12:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS +++++

--- User ---

[MBR] df79f9b36fdb07d315213bd8623a3387

[bSP] dc473650ff59efc80121f128dd8df072 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_03072013_02d2212.txt >>

RKreport[1]_S_03052013_02d1949.txt ; RKreport[2]_S_03072013_02d2211.txt ; RKreport[3]_D_03072013_02d2212.txt

TDSSKILLER Report:

22:24:12.0453 0780 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:24:12.0781 0780 ============================================================

22:24:12.0781 0780 Current date / time: 2013/03/07 22:24:12.0781

22:24:12.0781 0780 SystemInfo:

22:24:12.0781 0780

22:24:12.0781 0780 OS Version: 5.1.2600 ServicePack: 3.0

22:24:12.0781 0780 Product type: Workstation

22:24:12.0781 0780 ComputerName: ANONYMOUS

22:24:12.0781 0780 UserName: Owner

22:24:12.0781 0780 Windows directory: C:\WINDOWS

22:24:12.0781 0780 System windows directory: C:\WINDOWS

22:24:12.0781 0780 Processor architecture: Intel x86

22:24:12.0781 0780 Number of processors: 2

22:24:12.0781 0780 Page size: 0x1000

22:24:12.0781 0780 Boot type: Normal boot

22:24:12.0781 0780 ============================================================

22:24:14.0671 0780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:24:14.0671 0780 ============================================================

22:24:14.0671 0780 \Device\Harddisk0\DR0:

22:24:14.0671 0780 MBR partitions:

22:24:14.0671 0780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800

22:24:14.0671 0780 ============================================================

22:24:14.0703 0780 C: <-> \Device\Harddisk0\DR0\Partition1

22:24:14.0703 0780 ============================================================

22:24:14.0703 0780 Initialize success

22:24:14.0703 0780 ============================================================

22:24:17.0625 3748 ============================================================

22:24:17.0625 3748 Scan started

22:24:17.0625 3748 Mode: Manual;

22:24:17.0625 3748 ============================================================

22:24:18.0703 3748 ================ Scan system memory ========================

22:24:18.0703 3748 System memory - ok

22:24:18.0703 3748 ================ Scan services =============================

22:24:18.0921 3748 Abiosdsk - ok

22:24:18.0937 3748 abp480n5 - ok

22:24:18.0968 3748 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:24:18.0968 3748 ACPI - ok

22:24:19.0000 3748 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

22:24:19.0000 3748 ACPIEC - ok

22:24:19.0078 3748 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:24:19.0093 3748 AdobeFlashPlayerUpdateSvc - ok

22:24:19.0093 3748 adpu160m - ok

22:24:19.0140 3748 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

22:24:19.0140 3748 aec - ok

22:24:19.0187 3748 [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD C:\WINDOWS\System32\drivers\afd.sys

22:24:19.0187 3748 AFD - ok

22:24:19.0187 3748 Aha154x - ok

22:24:19.0203 3748 aic78u2 - ok

22:24:19.0218 3748 aic78xx - ok

22:24:19.0250 3748 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

22:24:19.0265 3748 Alerter - ok

22:24:19.0265 3748 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

22:24:19.0265 3748 ALG - ok

22:24:19.0281 3748 AliIde - ok

22:24:19.0296 3748 amsint - ok

22:24:19.0328 3748 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

22:24:19.0343 3748 AppMgmt - ok

22:24:19.0437 3748 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:24:19.0453 3748 Arp1394 - ok

22:24:19.0453 3748 asc - ok

22:24:19.0468 3748 asc3350p - ok

22:24:19.0484 3748 asc3550 - ok

22:24:19.0718 3748 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:24:19.0734 3748 aspnet_state - ok

22:24:19.0750 3748 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:24:19.0750 3748 AsyncMac - ok

22:24:19.0781 3748 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

22:24:19.0781 3748 atapi - ok

22:24:19.0796 3748 Atdisk - ok

22:24:19.0828 3748 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:24:19.0828 3748 Atmarpc - ok

22:24:19.0843 3748 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

22:24:19.0843 3748 AudioSrv - ok

22:24:19.0859 3748 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

22:24:19.0859 3748 audstub - ok

22:24:19.0890 3748 [ EA377A8E8E1000877210259750CBBF5F ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys

22:24:19.0890 3748 b57w2k - ok

22:24:19.0921 3748 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

22:24:19.0921 3748 Beep - ok

22:24:19.0953 3748 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

22:24:19.0968 3748 BITS - ok

22:24:20.0000 3748 [ FC6D1D80588D371F0321E15A75B2F8F2 ] Browser C:\WINDOWS\System32\browser.dll

22:24:20.0000 3748 Browser - ok

22:24:20.0015 3748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

22:24:20.0031 3748 cbidf2k - ok

22:24:20.0046 3748 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:24:20.0046 3748 CCDECODE - ok

22:24:20.0046 3748 cd20xrnt - ok

22:24:20.0062 3748 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

22:24:20.0062 3748 Cdaudio - ok

22:24:20.0093 3748 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

22:24:20.0093 3748 Cdfs - ok

22:24:20.0109 3748 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:24:20.0109 3748 Cdrom - ok

22:24:20.0125 3748 Changer - ok

22:24:20.0140 3748 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

22:24:20.0140 3748 CiSvc - ok

22:24:20.0156 3748 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

22:24:20.0156 3748 ClipSrv - ok

22:24:20.0187 3748 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:24:20.0234 3748 clr_optimization_v2.0.50727_32 - ok

22:24:20.0250 3748 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

22:24:20.0250 3748 CmBatt - ok

22:24:20.0390 3748 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

22:24:20.0421 3748 cmdAgent - ok

22:24:20.0468 3748 [ 0EC8D44534D96776B04C6908E0B5F4B3 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys

22:24:20.0468 3748 cmderd - ok

22:24:20.0500 3748 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys

22:24:20.0500 3748 cmdGuard - ok

22:24:20.0531 3748 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

22:24:20.0531 3748 cmdHlp - ok

22:24:20.0546 3748 CmdIde - ok

22:24:20.0562 3748 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

22:24:20.0640 3748 Compbatt - ok

22:24:20.0656 3748 COMSysApp - ok

22:24:20.0687 3748 Cpqarray - ok

22:24:20.0718 3748 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

22:24:20.0718 3748 CryptSvc - ok

22:24:20.0718 3748 dac2w2k - ok

22:24:20.0734 3748 dac960nt - ok

22:24:20.0765 3748 [ 9222562D44021B988B9F9F62207FB6F2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

22:24:20.0781 3748 DcomLaunch - ok

22:24:20.0796 3748 [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

22:24:20.0796 3748 Dhcp - ok

22:24:20.0812 3748 [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

22:24:20.0828 3748 Disk - ok

22:24:20.0890 3748 [ 7496908263A7C08DD8CCA9BADF053EE1 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

22:24:20.0906 3748 Diskeeper - ok

22:24:20.0906 3748 dmadmin - ok

22:24:20.0953 3748 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

22:24:20.0984 3748 dmboot - ok

22:24:21.0015 3748 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

22:24:21.0015 3748 dmio - ok

22:24:21.0046 3748 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

22:24:21.0046 3748 dmload - ok

22:24:21.0062 3748 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

22:24:21.0062 3748 dmserver - ok

22:24:21.0093 3748 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

22:24:21.0093 3748 DMusic - ok

22:24:21.0109 3748 [ D977659AE4D8ECE5286D99D1ED34614D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

22:24:21.0125 3748 Dnscache - ok

22:24:21.0140 3748 [ B4109C8C3D54C83246997A777724F318 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

22:24:21.0140 3748 Dot3svc - ok

22:24:21.0156 3748 dpti2o - ok

22:24:21.0171 3748 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

22:24:21.0218 3748 drmkaud - ok

22:24:21.0234 3748 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

22:24:21.0234 3748 EapHost - ok

22:24:21.0265 3748 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

22:24:21.0281 3748 ERSvc - ok

22:24:21.0312 3748 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] Eventlog C:\WINDOWS\system32\services.exe

22:24:21.0312 3748 Eventlog - ok

22:24:21.0375 3748 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem C:\WINDOWS\system32\es.dll

22:24:21.0375 3748 EventSystem - ok

22:24:21.0406 3748 [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat C:\WINDOWS\system32\drivers\exFat.sys

22:24:21.0406 3748 exFat - ok

22:24:21.0421 3748 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

22:24:21.0437 3748 Fastfat - ok

22:24:21.0468 3748 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

22:24:21.0484 3748 FastUserSwitchingCompatibility - ok

22:24:21.0515 3748 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

22:24:21.0515 3748 Fdc - ok

22:24:21.0531 3748 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

22:24:21.0531 3748 Fips - ok

22:24:21.0531 3748 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

22:24:21.0531 3748 Flpydisk - ok

22:24:21.0593 3748 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

22:24:21.0593 3748 FltMgr - ok

22:24:21.0671 3748 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:24:21.0671 3748 FontCache3.0.0.0 - ok

22:24:21.0703 3748 [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:24:21.0718 3748 Fs_Rec - ok

22:24:21.0734 3748 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:24:21.0734 3748 Ftdisk - ok

22:24:21.0750 3748 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:24:21.0750 3748 Gpc - ok

22:24:21.0765 3748 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:24:21.0781 3748 HDAudBus - ok

22:24:21.0812 3748 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:24:21.0828 3748 helpsvc - ok

22:24:21.0828 3748 HidServ - ok

22:24:21.0859 3748 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:24:21.0859 3748 HidUsb - ok

22:24:21.0875 3748 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

22:24:21.0875 3748 hkmsvc - ok

22:24:21.0890 3748 hpn - ok

22:24:21.0906 3748 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:24:21.0906 3748 HPZius12 - ok

22:24:21.0953 3748 [ 7D33D2B81BD8B4BC51B536B113295D51 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

22:24:21.0953 3748 HSFHWAZL - ok

22:24:22.0000 3748 [ FB6AD8A16E22C91D5978B26E0300A331 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

22:24:22.0031 3748 HSF_DPV - ok

22:24:22.0062 3748 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

22:24:22.0062 3748 HTTP - ok

22:24:22.0093 3748 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

22:24:22.0093 3748 HTTPFilter - ok

22:24:22.0109 3748 i2omgmt - ok

22:24:22.0109 3748 i2omp - ok

22:24:22.0140 3748 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:24:22.0140 3748 i8042prt - ok

22:24:22.0265 3748 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

22:24:22.0312 3748 ialm - ok

22:24:22.0375 3748 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:24:22.0406 3748 idsvc - ok

22:24:22.0484 3748 [ 04E385059DA704EC6659DDB1526C4193 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd32.sys

22:24:22.0546 3748 igfx - ok

22:24:22.0656 3748 [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

22:24:22.0656 3748 IJPLMSVC - ok

22:24:22.0687 3748 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

22:24:22.0687 3748 Imapi - ok

22:24:22.0718 3748 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

22:24:22.0718 3748 ImapiService - ok

22:24:22.0734 3748 ini910u - ok

22:24:22.0765 3748 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys

22:24:22.0765 3748 Inspect - ok

22:24:22.0953 3748 [ 9C17560E7C3795BAD07B9EC9C479BEAE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

22:24:23.0000 3748 IntcAzAudAddService - ok

22:24:23.0015 3748 IntelIde - ok

22:24:23.0046 3748 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:24:23.0046 3748 intelppm - ok

22:24:23.0125 3748 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

22:24:23.0125 3748 IntuitUpdateService - ok

22:24:23.0156 3748 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

22:24:23.0156 3748 Ip6Fw - ok

22:24:23.0187 3748 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:24:23.0187 3748 IpFilterDriver - ok

22:24:23.0218 3748 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:24:23.0218 3748 IpInIp - ok

22:24:23.0234 3748 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:24:23.0234 3748 IpNat - ok

22:24:23.0250 3748 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:24:23.0250 3748 IPSec - ok

22:24:23.0281 3748 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys

22:24:23.0281 3748 irda - ok

22:24:23.0312 3748 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

22:24:23.0312 3748 IRENUM - ok

22:24:23.0328 3748 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll

22:24:23.0328 3748 Irmon - ok

22:24:23.0375 3748 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:24:23.0375 3748 isapnp - ok

22:24:23.0625 3748 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

22:24:23.0625 3748 JavaQuickStarterService - ok

22:24:23.0687 3748 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:24:23.0687 3748 Kbdclass - ok

22:24:23.0734 3748 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

22:24:23.0734 3748 kmixer - ok

22:24:23.0781 3748 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

22:24:23.0781 3748 KSecDD - ok

22:24:23.0828 3748 [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

22:24:23.0828 3748 LanmanServer - ok

22:24:23.0875 3748 [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

22:24:23.0906 3748 lanmanworkstation - ok

22:24:23.0906 3748 lbrtfdc - ok

22:24:23.0937 3748 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

22:24:23.0953 3748 LmHosts - ok

22:24:23.0984 3748 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

22:24:23.0984 3748 MBAMProtector - ok

22:24:24.0062 3748 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:24:24.0062 3748 MBAMScheduler - ok

22:24:24.0093 3748 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

22:24:24.0109 3748 MBAMService - ok

22:24:24.0140 3748 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

22:24:24.0140 3748 mdmxsdk - ok

22:24:24.0156 3748 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

22:24:24.0156 3748 Messenger - ok

22:24:24.0203 3748 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

22:24:24.0218 3748 Microsoft Office Groove Audit Service - ok

22:24:24.0281 3748 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

22:24:24.0281 3748 Modem - ok

22:24:24.0328 3748 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:24:24.0343 3748 Mouclass - ok

22:24:24.0406 3748 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:24:24.0406 3748 mouhid - ok

22:24:24.0421 3748 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

22:24:24.0421 3748 MountMgr - ok

22:24:24.0421 3748 mraid35x - ok

22:24:24.0453 3748 [ 65E818C473E220B6AB762E1966296FD1 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:24:24.0453 3748 MRxDAV - ok

22:24:24.0500 3748 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:24:24.0515 3748 MRxSmb - ok

22:24:24.0546 3748 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

22:24:24.0546 3748 MSDTC - ok

22:24:24.0578 3748 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

22:24:24.0578 3748 Msfs - ok

22:24:24.0578 3748 MSIServer - ok

22:24:24.0625 3748 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:24:24.0625 3748 MSKSSRV - ok

22:24:24.0625 3748 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:24:24.0640 3748 MSPCLOCK - ok

22:24:24.0656 3748 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

22:24:24.0656 3748 MSPQM - ok

22:24:24.0703 3748 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:24:24.0703 3748 mssmbios - ok

22:24:24.0718 3748 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

22:24:24.0718 3748 MSTEE - ok

22:24:24.0765 3748 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

22:24:24.0765 3748 Mup - ok

22:24:24.0781 3748 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:24:24.0781 3748 NABTSFEC - ok

22:24:24.0812 3748 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

22:24:24.0812 3748 napagent - ok

22:24:24.0828 3748 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

22:24:24.0843 3748 NDIS - ok

22:24:24.0859 3748 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:24:24.0859 3748 NdisIP - ok

22:24:24.0890 3748 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:24:24.0890 3748 NdisTapi - ok

22:24:24.0906 3748 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:24:24.0906 3748 Ndisuio - ok

22:24:24.0921 3748 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:24:24.0937 3748 NdisWan - ok

22:24:24.0968 3748 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

22:24:24.0968 3748 NDProxy - ok

22:24:24.0984 3748 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

22:24:24.0984 3748 NetBIOS - ok

22:24:25.0015 3748 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

22:24:25.0015 3748 NetBT - ok

22:24:25.0031 3748 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

22:24:25.0031 3748 NetDDE - ok

22:24:25.0046 3748 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

22:24:25.0046 3748 NetDDEdsdm - ok

22:24:25.0078 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

22:24:25.0078 3748 Netlogon - ok

22:24:25.0093 3748 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

22:24:25.0109 3748 Netman - ok

22:24:25.0140 3748 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:24:25.0140 3748 NetTcpPortSharing - ok

22:24:25.0234 3748 [ D57258165ABA8162DE8E29D71487FC4B ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

22:24:25.0328 3748 NETw4x32 - ok

22:24:25.0468 3748 [ 05743FFFC2BC88CC8E426321BC6A762E ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

22:24:25.0562 3748 NETw5x32 - ok

22:24:25.0593 3748 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:24:25.0609 3748 NIC1394 - ok

22:24:25.0671 3748 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla C:\WINDOWS\System32\mswsock.dll

22:24:25.0671 3748 Nla - ok

22:24:25.0703 3748 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

22:24:25.0703 3748 Npfs - ok

22:24:25.0718 3748 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys

22:24:25.0718 3748 NSCIRDA - ok

22:24:25.0750 3748 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

22:24:25.0765 3748 Ntfs - ok

22:24:25.0781 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

22:24:25.0796 3748 NtLmSsp - ok

22:24:25.0828 3748 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

22:24:25.0828 3748 NtmsSvc - ok

22:24:25.0859 3748 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

22:24:25.0859 3748 Null - ok

22:24:25.0875 3748 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:24:25.0875 3748 NwlnkFlt - ok

22:24:25.0890 3748 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:24:25.0890 3748 NwlnkFwd - ok

22:24:25.0984 3748 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:24:25.0984 3748 odserv - ok

22:24:26.0015 3748 [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:24:26.0031 3748 ohci1394 - ok

22:24:26.0046 3748 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:24:26.0046 3748 ose - ok

22:24:26.0093 3748 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

22:24:26.0093 3748 Parport - ok

22:24:26.0109 3748 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

22:24:26.0109 3748 PartMgr - ok

22:24:26.0125 3748 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

22:24:26.0140 3748 ParVdm - ok

22:24:26.0171 3748 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

22:24:26.0218 3748 PCI - ok

22:24:26.0234 3748 PCIDump - ok

22:24:26.0250 3748 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

22:24:26.0250 3748 PCIIde - ok

22:24:26.0265 3748 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

22:24:26.0281 3748 Pcmcia - ok

22:24:26.0281 3748 PDCOMP - ok

22:24:26.0296 3748 PDFRAME - ok

22:24:26.0312 3748 PDRELI - ok

22:24:26.0312 3748 PDRFRAME - ok

22:24:26.0343 3748 [ 4A108CC9CC0E0605E68CCE7021479879 ] PenClass C:\WINDOWS\system32\Drivers\PenClass.sys

22:24:26.0343 3748 PenClass - ok

22:24:26.0359 3748 perc2 - ok

22:24:26.0375 3748 perc2hib - ok

22:24:26.0406 3748 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] PlugPlay C:\WINDOWS\system32\services.exe

22:24:26.0421 3748 PlugPlay - ok

22:24:26.0437 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

22:24:26.0437 3748 PolicyAgent - ok

22:24:26.0453 3748 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:24:26.0453 3748 PptpMiniport - ok

22:24:26.0484 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

22:24:26.0484 3748 ProtectedStorage - ok

22:24:26.0500 3748 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

22:24:26.0500 3748 PSched - ok

22:24:26.0531 3748 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:24:26.0531 3748 Ptilink - ok

22:24:26.0531 3748 ql1080 - ok

22:24:26.0546 3748 Ql10wnt - ok

22:24:26.0562 3748 ql12160 - ok

22:24:26.0562 3748 ql1240 - ok

22:24:26.0578 3748 ql1280 - ok

22:24:26.0625 3748 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:24:26.0625 3748 RasAcd - ok

22:24:26.0656 3748 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

22:24:26.0656 3748 RasAuto - ok

22:24:26.0687 3748 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

22:24:26.0687 3748 Rasirda - ok

22:24:26.0718 3748 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:24:26.0718 3748 Rasl2tp - ok

22:24:26.0734 3748 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

22:24:26.0734 3748 RasMan - ok

22:24:26.0734 3748 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:24:26.0750 3748 RasPppoe - ok

22:24:26.0765 3748 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

22:24:26.0765 3748 Raspti - ok

22:24:26.0796 3748 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:24:26.0796 3748 Rdbss - ok

22:24:26.0812 3748 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:24:26.0812 3748 RDPCDD - ok

22:24:26.0843 3748 [ C694A927EB7C354F7AE97955043A9641 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:24:26.0843 3748 rdpdr - ok

22:24:26.0890 3748 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

22:24:26.0890 3748 RDPWD - ok

22:24:26.0921 3748 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

22:24:26.0921 3748 RDSessMgr - ok

22:24:26.0937 3748 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

22:24:26.0937 3748 redbook - ok

22:24:27.0015 3748 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

22:24:27.0015 3748 RemoteAccess - ok

22:24:27.0046 3748 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

22:24:27.0046 3748 RemoteRegistry - ok

22:24:27.0078 3748 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

22:24:27.0078 3748 RpcLocator - ok

22:24:27.0109 3748 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\system32\rpcss.dll

22:24:27.0109 3748 RpcSs - ok

22:24:27.0140 3748 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys

22:24:27.0140 3748 rspndr - ok

22:24:27.0187 3748 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

22:24:27.0187 3748 RSVP - ok

22:24:27.0218 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

22:24:27.0218 3748 SamSs - ok

22:24:27.0250 3748 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

22:24:27.0265 3748 SCardSvr - ok

22:24:27.0281 3748 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

22:24:27.0296 3748 Schedule - ok

22:24:27.0312 3748 [ D4EFA70468110DBABB9BFE62E63AFA68 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys

22:24:27.0312 3748 sdbus - ok

22:24:27.0343 3748 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:24:27.0343 3748 Secdrv - ok

22:24:27.0343 3748 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

22:24:27.0359 3748 seclogon - ok

22:24:27.0359 3748 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

22:24:27.0375 3748 SENS - ok

22:24:27.0375 3748 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

22:24:27.0375 3748 Serial - ok

22:24:27.0406 3748 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

22:24:27.0406 3748 Sfloppy - ok

22:24:27.0437 3748 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

22:24:27.0437 3748 SharedAccess - ok

22:24:27.0468 3748 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

22:24:27.0468 3748 ShellHWDetection - ok

22:24:27.0484 3748 Simbad - ok

22:24:27.0562 3748 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

22:24:27.0562 3748 SkypeUpdate - ok

22:24:27.0578 3748 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:24:27.0578 3748 SLIP - ok

22:24:27.0593 3748 Sparrow - ok

22:24:27.0625 3748 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

22:24:27.0625 3748 splitter - ok

22:24:27.0656 3748 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

22:24:27.0656 3748 Spooler - ok

22:24:27.0671 3748 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

22:24:27.0687 3748 sr - ok

22:24:27.0703 3748 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

22:24:27.0718 3748 srservice - ok

22:24:27.0750 3748 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

22:24:27.0765 3748 Srv - ok

22:24:27.0796 3748 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

22:24:27.0812 3748 SSDPSRV - ok

22:24:27.0828 3748 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

22:24:27.0843 3748 stisvc - ok

22:24:27.0859 3748 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:24:27.0859 3748 streamip - ok

22:24:27.0875 3748 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

22:24:27.0875 3748 swenum - ok

22:24:27.0890 3748 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

22:24:27.0890 3748 swmidi - ok

22:24:27.0906 3748 SwPrv - ok

22:24:27.0921 3748 symc810 - ok

22:24:27.0937 3748 symc8xx - ok

22:24:27.0937 3748 sym_hi - ok

22:24:27.0953 3748 sym_u3 - ok

22:24:27.0984 3748 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

22:24:27.0984 3748 sysaudio - ok

22:24:28.0015 3748 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

22:24:28.0015 3748 SysmonLog - ok

22:24:28.0046 3748 [ F34AC959A168DABA26CE1213E210BC88 ] TabletService C:\WINDOWS\system32\Tablet.exe

22:24:28.0062 3748 TabletService - ok

22:24:28.0093 3748 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

22:24:28.0093 3748 TapiSrv - ok

22:24:28.0125 3748 [ BA8C046D98345129723E6BCAA1E8AB99 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:24:28.0125 3748 Tcpip - ok

22:24:28.0156 3748 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

22:24:28.0156 3748 TDPIPE - ok

22:24:28.0171 3748 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

22:24:28.0187 3748 TDTCP - ok

22:24:28.0218 3748 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

22:24:28.0234 3748 TermDD - ok

22:24:28.0296 3748 [ 37981A741AD7B04258E87129FFE79AB9 ] TermService C:\WINDOWS\System32\termsrv.dll

22:24:28.0296 3748 TermService - ok

22:24:28.0328 3748 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

22:24:28.0328 3748 Themes - ok

22:24:28.0375 3748 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

22:24:28.0375 3748 TlntSvr - ok

22:24:28.0375 3748 TosIde - ok

22:24:28.0406 3748 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

22:24:28.0406 3748 TrkWks - ok

22:24:28.0437 3748 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

22:24:28.0437 3748 Udfs - ok

22:24:28.0453 3748 ultra - ok

22:24:28.0484 3748 [ 4847639D852763EE39415C929470F672 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys

22:24:28.0484 3748 UnlockerDriver5 - ok

22:24:28.0515 3748 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

22:24:28.0531 3748 Update - ok

22:24:28.0562 3748 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe

22:24:28.0562 3748 UPHClean - ok

22:24:28.0593 3748 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

22:24:28.0609 3748 upnphost - ok

22:24:28.0625 3748 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

22:24:28.0625 3748 UPS - ok

22:24:28.0656 3748 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:24:28.0656 3748 usbccgp - ok

22:24:28.0687 3748 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:24:28.0687 3748 usbehci - ok

22:24:28.0718 3748 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:24:28.0718 3748 usbhub - ok

22:24:28.0781 3748 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:24:28.0781 3748 usbprint - ok

22:24:28.0796 3748 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:24:28.0796 3748 usbscan - ok

22:24:28.0828 3748 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:24:28.0828 3748 USBSTOR - ok

22:24:28.0859 3748 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:24:28.0859 3748 usbuhci - ok

22:24:28.0890 3748 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

22:24:28.0906 3748 usbvideo - ok

22:24:28.0921 3748 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

22:24:28.0921 3748 VgaSave - ok

22:24:28.0937 3748 ViaIde - ok

22:24:28.0953 3748 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

22:24:28.0953 3748 VolSnap - ok

22:24:28.0968 3748 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

22:24:28.0984 3748 VSS - ok

22:24:29.0000 3748 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll

22:24:29.0000 3748 W32Time - ok

22:24:29.0031 3748 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:24:29.0031 3748 Wanarp - ok

22:24:29.0031 3748 WDICA - ok

22:24:29.0062 3748 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

22:24:29.0062 3748 wdmaud - ok

22:24:29.0078 3748 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

22:24:29.0093 3748 WebClient - ok

22:24:29.0125 3748 [ 9692AB8BA2DCD649A86B1B9B81154278 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

22:24:29.0156 3748 winachsf - ok

22:24:29.0265 3748 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

22:24:29.0265 3748 winmgmt - ok

22:24:29.0328 3748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

22:24:29.0328 3748 WmdmPmSN - ok

22:24:29.0359 3748 [ C8A6C82F90B055149925DC7526B2D78C ] Wmi C:\WINDOWS\System32\advapi32.dll

22:24:29.0390 3748 Wmi - ok

22:24:29.0406 3748 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

22:24:29.0406 3748 WmiAcpi - ok

22:24:29.0453 3748 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:24:29.0453 3748 WmiApSrv - ok

22:24:29.0515 3748 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

22:24:29.0562 3748 WMPNetworkSvc - ok

22:24:29.0562 3748 WSearch - ok

22:24:29.0593 3748 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:24:29.0593 3748 WSTCODEC - ok

22:24:29.0625 3748 [ AAE1A6FFBA2B0436E91795120F48C461 ] wuauserv C:\WINDOWS\system32\wuauserv.dll

22:24:29.0625 3748 wuauserv - ok

22:24:29.0656 3748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:24:29.0656 3748 WudfPf - ok

22:24:29.0656 3748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:24:29.0671 3748 WudfRd - ok

22:24:29.0687 3748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

22:24:29.0687 3748 WudfSvc - ok

22:24:29.0718 3748 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

22:24:29.0750 3748 WZCSVC - ok

22:24:29.0765 3748 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

22:24:29.0765 3748 xmlprov - ok

22:24:29.0796 3748 ================ Scan global ===============================

22:24:29.0812 3748 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

22:24:29.0859 3748 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll

22:24:29.0890 3748 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll

22:24:29.0921 3748 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe

22:24:29.0921 3748 [Global] - ok

22:24:29.0921 3748 ================ Scan MBR ==================================

22:24:29.0937 3748 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

22:24:30.0171 3748 \Device\Harddisk0\DR0 - ok

22:24:30.0171 3748 ================ Scan VBR ==================================

22:24:30.0187 3748 [ 900C83A9FE7B641A92F0BD876A81FCDB ] \Device\Harddisk0\DR0\Partition1

22:24:30.0187 3748 \Device\Harddisk0\DR0\Partition1 - ok

22:24:30.0187 3748 ============================================================

22:24:30.0187 3748 Scan finished

22:24:30.0187 3748 ============================================================

22:24:30.0203 2660 Detected object count: 0

22:24:30.0203 2660 Actual detected object count: 0

YES, I can access Control Panel. It was fast the first time (opening it); second time was slow. I clicked 'Add Remove Programs' to check, and that was pretty slow to populate. I see some really strange items on there now, though, that I don't remember seeing before. 'Alt-Tab Switcher Powertoy for Windows XP', 'Microsoft.NET framework'... Anyway, sorry, I'll get back on track!

I cannot find Windows Security Center -- I hope it's not me overlooking something obvious, but I'm not sure where to access it.

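The TDSSKiller log above lists, for every service and driver, one line with the image's MD5 and path and a second line with the tool's verdict. As an added example (not from this thread, and not code from the tool's vendor), here is a small Python parser that merges the two lines per service and pulls out the three things a responder looks at first when reading such a log: entries whose verdict is anything other than ok, registered services for which no file was hashed (PCIDump, perc2, ql1080 and similar above), and one image file backing several services (lsass.exe backing Netlogon, NtLmSsp, PolicyAgent, ProtectedStorage and SamSs above, which is normal on XP but is exactly the pattern to notice if the shared file were not a known system binary). The sample log inside the block is constructed: a few lines copied from the log above plus one made-up `example_svc` entry with a placeholder verdict, since the page does not show the wording the tool uses for a detection.

```python
"""Added example: parse a TDSSKiller-style service/driver log into an
inventory and extract the entries worth a second look."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional

# A hashed-file line: "<time> <thread> [ <MD5> ] <service name> <image path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# A verdict line: "<time> <thread> <service name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)

# Constructed sample: lines copied from the log above plus one made-up
# entry ("example_svc") whose verdict is a placeholder, not the tool's wording.
SAMPLE_LOG = r"""
22:24:25.0078 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:24:25.0078 3748 Netlogon - ok
22:24:25.0750 3748 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:24:25.0765 3748 Ntfs - ok
22:24:25.0781 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:24:25.0796 3748 NtLmSsp - ok
22:24:26.0234 3748 PCIDump - ok
22:24:26.0437 3748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:24:26.0437 3748 PolicyAgent - ok
22:24:30.0000 3748 [ 00112233445566778899AABBCCDDEEFF ] example_svc C:\WINDOWS\system32\drivers\example.sys
22:24:30.0000 3748 example_svc - placeholder status, not ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Merge the file line and the verdict line of each service into one Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def not_ok(entries: Dict[str, Entry]):
    """Services whose verdict is anything other than the literal 'ok'."""
    return sorted(n for n, e in entries.items() if e.status != "ok")


def unhashed(entries: Dict[str, Entry]):
    """Registered services for which the tool hashed no image file."""
    return sorted(n for n, e in entries.items() if e.md5 is None)


def shared_images(entries: Dict[str, Entry]):
    """MD5 -> service names, for image hashes that back more than one service."""
    by_md5 = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    inv = parse_log(SAMPLE_LOG)
    print("not ok:      ", not_ok(inv))
    print("no file hash:", unhashed(inv))
    for md5, names in shared_images(inv).items():
        print(f"{md5} backs {len(names)} services: {', '.join(names)}")
```

On a real log, feed `parse_log` the whole file; the same three views are what you would compare against a known-good inventory of the same Windows build, since the MD5 column is what lets you check a driver against a reference hash set rather than trusting the path alone.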

.net Framework is not unexpected. Those are MS widgets. Normal !

Powertoy for XP you or another of your users must have gotten long ago. Not a danger. Normal.

XP Security Center should be seen off of Control Panel.

Do as much as possible of the following, at a point where you are not using the system.

Logoff and Restart the system fresh.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member chicacompu only. If you are a casual viewer, do NOT try this on your system!

If you are not chicacompu and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, how is the system now?

RE-Enable your AntiVirus and AntiSpyware applications.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


I disabled my Anti-Malware for the scan, but when I opened up COMODO Internet Security to reactivate my protection, the Defense + section said it had blocked intruders, and listed Combo-Fix.exe. >_< I didn't get any pop-ups or errors while running Combo-Fix, though, and you said not to run it more than once, so this is the log that it gave me:

ComboFix 13-03-12.02 - Owner 12.03.2013 20:48:14.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.3062.2468 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\My Documents\~WRL0005.tmp

c:\documents and settings\Owner\WINDOWS

c:\windows\apppatch\AppLoc.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\ShellExt\CmdOpen.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))

.

.

2013-03-06 00:17 . 2013-03-06 00:18 -------- d-----w- c:\program files\ERUNT

2013-02-27 03:27 . 2013-02-27 03:27 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-19 03:22 . 2013-02-19 03:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2013-02-19 03:21 . 2013-02-19 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-02-19 03:21 . 2013-02-19 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-19 03:21 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-27 03:27 . 2011-11-26 19:12 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-27 03:27 . 2011-11-26 19:12 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-08 04:01 . 2013-02-08 04:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-08 04:01 . 2013-02-08 04:01 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-08 04:01 . 2010-09-06 19:11 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-08 04:01 . 2010-08-26 20:19 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:32 . 2009-04-20 18:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:45 . 2009-02-06 10:30 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:32 . 2009-04-20 18:19 1876224 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:48 . 2009-04-20 18:18 1292288 ----a-w- c:\windows\system32\quartz.dll

2013-01-02 06:48 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-26 20:16 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16 . 2009-04-20 18:17 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16 . 2009-04-20 18:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40 . 2009-04-20 18:17 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:31 . 2009-04-20 18:16 290560 ----a-w- c:\windows\system32\atmfd.dll

2013-03-10 16:19 . 2013-02-27 03:44 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

.

.

c:\windows\System32\wscntfy.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-08 16859136]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"EPSON Stylus C86 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE" [2003-11-25 99840]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-04-20 128512]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-3 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 18 (0x12)

"NoSMConfigurePrograms"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

2006-06-07 17:35 319488 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [07.10.2011 19:48 18056]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [07.10.2011 19:48 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [07.10.2011 19:48 31704]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [18.02.2013 23:21 398184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.02.2013 23:21 682344]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.02.2013 23:21 21104]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09.11.2012 12:21 160944]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-26 03:27]

.

2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-2139871995-1801674531-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 21:38]

.

2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-2139871995-1801674531-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 21:38]

.

2013-03-12 c:\windows\Tasks\User_Feed_Synchronization-{12AD6616-449D-4EFE-9BC4-7AADBCC43A19}.job

- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2uuarflz.default\

FF - ExtSQL: 2013-01-15 19:27; jid1-F9UJ2thwoAm5gQ@jetpack; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2uuarflz.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi

FF - ExtSQL: 2013-01-16 18:23; donottrackplus@abine.com; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2uuarflz.default\extensions\donottrackplus@abine.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-12 20:52

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(996)

c:\windows\system32\guard32.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(1064)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'csrss.exe'(964)

c:\windows\system32\cmdcsr.dll

.

Completion time: 2013-03-12 20:53:49

ComboFix-quarantined-files.txt 2013-03-13 00:53

.

Pre-Run: 289 741 139 968 bytes free

Post-Run: 289 936 715 776 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6F2FB99DF5EC1EAF3F104896048391F7


Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESET Online Scanner Log:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=670a9201bc75034a8b8262509f3fdc6d

# engine=13375

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-03-13 11:19:53

# local_time=2013-03-13 07:19:53 (-0500, Eastern Daylight Time)

# country="Luxembourg"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3074 16777213 100 100 0 52971007 0 0

# scanned=46680

# found=0

# cleaned=0

# scan_time=2785

Security Check Log:

Results of screen317's Security Check version 0.99.61

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Java 6 Update 30

Java 7 Update 13

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader XI

Mozilla Firefox (19.0.2)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%

````````````````````End of Log``````````````````````

I blue-screened again yesterday, said something like 'BAD_POOL_RUN' -- three words with underscores separating them. Otherwise I seem to be running okay as far as I can tell... I have not done a Malwarebytes scan or any other type of full system scan since instructed, should I go ahead and do so?

Thanks again for all of the help, Maurice! :>


Regarding the "blue screen STOP exception"

I need to have the STOP code information, along with any descriptive information.

Your STOP screen info will look similar to this:

[image: sample STOP screen]

I need all the information from yours... if and when it happens next.

Older versions of Java pose a security risk. Uninstall:

  • Java 6 Update 30
  • Java 7 Update 13

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or at least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I'd urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
