Hello,

I noticed today that the Malwarebytes icon in the system tray is grey, not blue. When I opened it, the checkbox for "Enable malicious website blocking" was not checked, nor could I check it. I ran "Perform Full Scan", but nothing was detected.

I have copied/pasted the following.

  • mbam-log
  • protection-log
  • dds.txt
  • attach.txt

Thank you in advance for your help,

Frank

mbam-log

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.05.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Frank :: VM-1100 [administrator]

Protection: Enabled

3/5/2013 1:29:45 PM

mbam-log-2013-03-05 (13-29-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 455303

Time elapsed: 2 hour(s), 34 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

protection-log

2013/03/05 12:30:17 -0700 VM-1100 MESSAGE Executing scheduled update: Daily

2013/03/05 12:31:08 -0700 VM-1100 MESSAGE Scheduled update executed successfully: database updated from version v2013.03.04.09 to version v2013.03.05.12

2013/03/05 12:31:08 -0700 VM-1100 MESSAGE Starting database refresh

2013/03/05 12:31:14 -0700 VM-1100 MESSAGE Database refreshed successfully

2013/03/05 12:51:50 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:51:51 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:52:56 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:52:57 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:52:58 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:52:58 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:53:00 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:53:00 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:04 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:04 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:05 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:05 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:07 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:07 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:42 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:42 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:44 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:44 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:44 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:44 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 12:55:49 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 12:55:49 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:09:28 -0700 VM-1100 MESSAGE Starting protection

2013/03/05 13:09:28 -0700 VM-1100 MESSAGE Protection started successfully

2013/03/05 13:09:28 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:10:53 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:12:13 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:12:13 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:12:13 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:12:14 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:12:14 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:12:14 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:12:17 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:12:17 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:24:58 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:24:58 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 13:25:04 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 13:25:04 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 16:04:55 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 16:04:55 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 16:04:56 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 16:04:56 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 16:04:56 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 16:04:56 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

2013/03/05 16:20:40 -0700 VM-1100 MESSAGE Starting IP protection

2013/03/05 16:20:40 -0700 VM-1100 ERROR IP protection failed: PfMakeLog failed with error code 21

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2

Run by Frank at 16:12:08 on 2013-03-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3323.2061 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sttray.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Google Update] "c:\documents and settings\frank\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6_(_.NET_CLR_3.5.30729)" -"http://cc.porsche.com/pva_new/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1278010797181"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: HideShutdownScripts = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\frank\application data\mozilla\firefox\profiles\v1a3hutf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\documents and settings\frank\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\frank\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\frank\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\frank\application data\mozilla\plugins\npo1d.dll

FF - plugin: c:\documents and settings\frank\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\frank\local settings\application data\skype\skypewebplugin\npSkypeWebPlugin.dll

FF - plugin: c:\documents and settings\frank\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-02-28 23:16; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-2-28 49320]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-2-28 163784]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 765808]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-13 368248]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-13 29880]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-28 66408]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 45248]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-10 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-9 682344]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-9 21104]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

.

=============== Created Last 30 ================

.

2013-03-05 20:18:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-28 17:58:02 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-02-28 17:58:01 66408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-02-28 17:58:01 49320 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-02-24 14:37:54 -------- d-----w- c:\program files\iPod

2013-02-24 14:37:48 -------- d-----w- c:\program files\iTunes

2013-02-24 14:37:48 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-02-16 18:18:35 8281168 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.391.0oemBingBarSetup-Partner.EXE

2013-02-15 22:31:23 186432 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-02-06 09:52:54 -------- d-----w- c:\program files\Mozilla Firefox.bak

.

==================== Find3M ====================

.

2013-03-05 20:17:40 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-05 20:17:40 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-03-05 20:17:39 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-28 08:36:37 765808 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-28 08:36:07 41664 ----a-w- c:\windows\avastSS.scr

2013-02-26 20:50:00 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-26 20:50:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-10 23:20:30 207880 ----a-w- c:\program files\bigfishgames_p54055583_s1_l1.exe

2009-10-10 23:05:49 207880 ----a-w- c:\program files\bigfishgames_p50309728_s1_l1.exe

2009-10-10 23:04:16 207880 ----a-w- c:\program files\bigfishgames_p51573434_s1_l1.exe

.

============= FINISH: 16:12:23.76 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2007 1:06:23 PM

System Uptime: 3/5/2013 1:08:10 PM (3 hours ago)

.

Motherboard: Intel Corporation | | DG33TL

Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz | J1PR | 2325/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 164.768 GiB free.

D: is FIXED (NTFS) - 233 GiB total, 60.792 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1763: 12/6/2012 4:59:43 AM - System Checkpoint

RP1764: 12/7/2012 5:59:48 AM - System Checkpoint

RP1765: 12/8/2012 6:11:50 AM - System Checkpoint

RP1766: 12/9/2012 7:11:43 AM - System Checkpoint

RP1767: 12/10/2012 1:51:06 PM - System Checkpoint

RP1768: 12/11/2012 3:50:02 PM - System Checkpoint

RP1769: 12/12/2012 4:19:16 PM - System Checkpoint

RP1770: 12/13/2012 3:00:15 AM - Software Distribution Service 3.0

RP1771: 12/14/2012 3:27:03 AM - System Checkpoint

RP1772: 12/15/2012 4:27:02 AM - System Checkpoint

RP1773: 12/16/2012 4:39:02 AM - System Checkpoint

RP1774: 12/17/2012 7:40:22 AM - System Checkpoint

RP1775: 12/18/2012 9:33:13 AM - System Checkpoint

RP1776: 12/19/2012 9:37:25 AM - System Checkpoint

RP1777: 12/20/2012 1:08:28 PM - System Checkpoint

RP1778: 12/21/2012 3:00:15 AM - Software Distribution Service 3.0

RP1779: 12/22/2012 3:21:10 AM - System Checkpoint

RP1780: 12/23/2012 3:22:22 AM - System Checkpoint

RP1781: 12/24/2012 4:22:23 AM - System Checkpoint

RP1782: 12/25/2012 4:23:31 AM - System Checkpoint

RP1783: 12/26/2012 5:22:24 AM - System Checkpoint

RP1784: 12/27/2012 6:22:22 AM - System Checkpoint

RP1785: 12/28/2012 6:34:32 AM - System Checkpoint

RP1786: 12/29/2012 7:22:37 AM - System Checkpoint

RP1787: 12/30/2012 7:34:42 AM - System Checkpoint

RP1788: 12/31/2012 8:22:38 AM - System Checkpoint

RP1789: 1/1/2013 10:20:29 AM - System Checkpoint

RP1790: 1/2/2013 12:17:19 PM - System Checkpoint

RP1791: 1/3/2013 12:38:21 PM - System Checkpoint

RP1792: 1/3/2013 1:37:17 PM - Software Distribution Service 3.0

RP1793: 1/4/2013 2:53:48 PM - System Checkpoint

RP1794: 1/5/2013 3:22:48 PM - System Checkpoint

RP1795: 1/6/2013 4:22:48 PM - System Checkpoint

RP1796: 1/7/2013 5:41:58 PM - System Checkpoint

RP1797: 1/8/2013 5:52:41 PM - System Checkpoint

RP1798: 1/9/2013 6:22:50 PM - System Checkpoint

RP1799: 1/10/2013 3:00:16 AM - Software Distribution Service 3.0

RP1800: 1/11/2013 3:33:24 AM - System Checkpoint

RP1801: 1/12/2013 3:37:54 AM - System Checkpoint

RP1802: 1/13/2013 3:54:25 AM - System Checkpoint

RP1803: 1/14/2013 4:42:27 AM - System Checkpoint

RP1804: 1/14/2013 12:03:50 PM - Software Distribution Service 3.0

RP1805: 1/15/2013 12:20:39 PM - System Checkpoint

RP1806: 1/16/2013 7:23:43 AM - Installed Java 7 Update 11

RP1807: 1/17/2013 10:35:50 AM - System Checkpoint

RP1808: 1/18/2013 11:39:00 AM - System Checkpoint

RP1809: 1/19/2013 12:20:48 PM - System Checkpoint

RP1810: 1/20/2013 1:12:43 PM - System Checkpoint

RP1811: 1/21/2013 3:03:21 PM - System Checkpoint

RP1812: 1/22/2013 5:08:37 PM - System Checkpoint

RP1813: 1/23/2013 5:20:53 PM - System Checkpoint

RP1814: 1/24/2013 6:19:06 PM - System Checkpoint

RP1815: 1/25/2013 6:34:05 PM - System Checkpoint

RP1816: 1/26/2013 7:29:57 PM - System Checkpoint

RP1817: 1/28/2013 1:37:25 AM - System Checkpoint

RP1818: 1/29/2013 2:21:08 AM - System Checkpoint

RP1819: 1/30/2013 3:21:10 AM - System Checkpoint

RP1820: 1/31/2013 4:22:14 AM - System Checkpoint

RP1821: 2/1/2013 5:21:13 AM - System Checkpoint

RP1822: 2/2/2013 6:21:18 AM - System Checkpoint

RP1823: 2/3/2013 9:30:07 AM - System Checkpoint

RP1824: 2/4/2013 9:35:35 AM - Removed Java 7 Update 7

RP1825: 2/4/2013 9:36:11 AM - Installed Java 7 Update 13

RP1826: 2/5/2013 12:56:25 PM - System Checkpoint

RP1827: 2/6/2013 3:53:33 PM - System Checkpoint

RP1828: 2/7/2013 4:06:59 PM - System Checkpoint

RP1829: 2/8/2013 5:16:31 PM - System Checkpoint

RP1830: 2/9/2013 5:36:23 PM - System Checkpoint

RP1831: 2/10/2013 6:36:23 PM - System Checkpoint

RP1832: 2/11/2013 7:36:26 PM - System Checkpoint

RP1833: 2/12/2013 8:36:24 PM - System Checkpoint

RP1834: 2/13/2013 3:00:15 AM - Software Distribution Service 3.0

RP1835: 2/14/2013 3:31:59 AM - System Checkpoint

RP1836: 2/15/2013 3:32:10 AM - System Checkpoint

RP1837: 2/16/2013 4:32:10 AM - System Checkpoint

RP1838: 2/17/2013 4:44:09 AM - System Checkpoint

RP1839: 2/18/2013 5:32:09 AM - System Checkpoint

RP1840: 2/19/2013 8:13:05 AM - System Checkpoint

RP1841: 2/20/2013 8:32:10 AM - System Checkpoint

RP1842: 2/21/2013 12:16:18 PM - System Checkpoint

RP1843: 2/22/2013 12:32:26 PM - System Checkpoint

RP1844: 2/23/2013 12:32:57 PM - System Checkpoint

RP1845: 2/24/2013 1:32:27 PM - System Checkpoint

RP1846: 2/25/2013 4:49:57 PM - System Checkpoint

RP1847: 2/26/2013 5:32:26 PM - System Checkpoint

RP1848: 2/27/2013 5:49:04 PM - System Checkpoint

RP1849: 2/28/2013 7:17:22 PM - System Checkpoint

RP1850: 2/28/2013 11:15:44 PM - Removed Java 6 Update 31

RP1851: 2/28/2013 11:16:14 PM - Installed Java 6 Update 39

RP1852: 3/1/2013 11:57:07 PM - System Checkpoint

RP1853: 3/3/2013 12:05:05 AM - System Checkpoint

RP1854: 3/3/2013 8:03:48 AM - Removed Java 7 Update 13

RP1855: 3/3/2013 8:04:24 AM - Installed Java 7 Update 15

RP1856: 3/4/2013 12:17:35 PM - System Checkpoint

RP1857: 3/5/2013 1:16:38 PM - Removed Java 7 Update 15

RP1858: 3/5/2013 1:17:28 PM - Installed Java 7 Update 17

.

==== Installed Programs ======================

.

6200

6200_Help

6200Trb

7-Zip 4.65

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.6

AiO_Scan

AiOSoftware

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Big Fish Games: Game Manager

Bing Bar

Bonjour

BufferChm

CDisplay 1.8

Cisco Connect

ConverterLite 0.1

Copy

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CreativeProjects

CreativeProjectsTemplates

CueTour

Department 42: The Mystery of the Nine

Destinations

Digital Audio System

Director

DNA

DocProc

DocumentViewer

Drawn: The Painted Tower ™

Dream Chronicles: The Chosen Child

Dropbox

Facebook Plug-In

Fax

FLAC 1.2.1b (remove only)

Flickr Uploadr 2.5.0.15

Forgotten Riddles - The Mayan Princess

GeoGebra WebStart

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.0.0

Hide & Secret 3: Pharaoh's Quest

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP Product Assistant

HP Product Detection

HP PSC & OfficeJet 4.7

HP Update

HPSystemDiagnostics

InstantShare

InstantShareAlert

Intel® Management Engine Interface

Intel® PRO Network Connections Drivers

iriverter

iTunes

Ivory 1.0.1

Java 7 Update 17

Java Auto Updater

Java 6 Update 22

Java 6 Update 39

JavaFX 2.1.1

Junk Mail filter update

LifeTimer

Logitech Audio Echo Cancellation Component

Logitech Legacy USB Camera Driver Package

Logitech QuickCam

Logitech QuickCam Driver Package

Logitech Vid

Luxor 2

Machinarium

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

MediaMonkey 4.0

MediaMonkey AAC Plug-in 1.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Journal Viewer

Microsoft XNA Framework Redistributable 3.1

MobileMe Control Panel

Moonwalk

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

Mp3tag v2.45a

MSN

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

Myst III: Exile

Mystery Case Files: Return to Ravenhearst ™

Mystery Masterpiece: The Moonstone

Nero 8

neroxml

NVIDIA Drivers

NVIDIA nStant Media

OpenAL

OpenOffice.org 3.3

Othello v3.0

Palm Desktop

PanoStandAlone

PhotoGallery

PolyView 4.37

Princess Isabella: A Witch's Curse

ProductContext

PuppetShow: Mystery of Joyville ™

QFolder

QuickTime

Readme

Real Alternative 1.9.0 Lite

Realtek High Definition Audio Driver

Safari

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SigmaTel Audio

SkinsHP1

Skype Click to Call

Skype Web Plugin 1.9.10772.12905

Skype™ 6.1

Spades: The Card Game

Steam

SureThing CD Labeler 4 SE

swMSM

TrayApp

Uniblue RegistryBooster

Unity Web Player

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VCRedistSetup

VideoLAN VLC media player 0.8.6d

VisiPics V1.30

VUPlayer

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

3/5/2013 4:08:14 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Not enough storage is available to process this command.

3/5/2013 4:08:14 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.

3/1/2013 12:03:47 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

2/28/2013 6:49:47 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

2/28/2013 6:49:47 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/28/2013 6:49:46 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

2/27/2013 10:46:10 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

2/27/2013 10:46:10 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

2/27/2013 10:46:10 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hello Mr. Charlie,

Here is the RKreport.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Frank [Admin rights]

Mode : Scan -- Date : 03/05/2013 16:56:33

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] CTHELPER.EXE -- C:\WINDOWS\CTHELPER.EXE [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725025VLA380 +++++

--- User ---

[MBR] 7ee04acf24b6f4ac52bf40842f88e0c9

[bSP] 823561e5d0e6d3686cc4db7a064aedf9 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT725025VLA380 +++++

--- User ---

[MBR] ebb3248b68c90a537343f1326df80353

[bSP] 618642948a23bb869e6899bf449d1aca : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03052013_02d1656.txt >>

RKreport[1]_S_03052013_02d1656.txt


Not much showing...let's run some scans:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


RogueKiller did create an RK_Quarantine folder on the desktop, do you need me to list the contents or is that contained in the RK log?

The anti-rootkit scan finished, no malware found. No clean-up required. Here are the two logs.

I checked, I have internet access, Windows Firewall is enabled and Windows Automatic Updates is enabled.

I still cannot check the box for Enable malicious website blocking.

Should I proceed with running the fixdamage tool?

Thank-you again for your help.

Regards,

Frank

mbar-log-2013-03-05 (17-38-28).txt

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

www.malwarebytes.org

Database version: v2013.03.05.14

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Frank :: VM-1100 [administrator]

3/5/2013 5:38:28 PM

mbar-log-2013-03-05 (17-38-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29573

Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

system-log.txt

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_39

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.325000 GHz

Memory total: 3483955200, free: 2448056320

------------ Kernel report ------------

03/05/2013 17:22:26

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

aswVmm.sys

aswRvrt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HECI.sys

\SystemRoot\system32\DRIVERS\e1e5132.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\pfc.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\ctaud2k.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ctoss2k.sys

\SystemRoot\system32\drivers\ctprxy2k.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\ha10kx2k.sys

\SystemRoot\system32\drivers\emupia2k.sys

\SystemRoot\system32\drivers\ctsfm2k.sys

\SystemRoot\system32\drivers\ctac32k.sys

\SystemRoot\system32\drivers\sthda.sys

\SystemRoot\system32\drivers\sfng32.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\System32\Drivers\aswRdr.SYS

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\lvuvcflt.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LVMVDrv.sys

\SystemRoot\system32\drivers\LVUSBSta.sys

\SystemRoot\system32\DRIVERS\lvuvc.sys

\SystemRoot\system32\DRIVERS\lvpopflt.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\LVcKap.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\drivers\PfModNT.sys

\SystemRoot\system32\DRIVERS\LVPr2Mon.sys

\??\C:\DOCUME~1\Frank\LOCALS~1\Temp\mbr.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8b189ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\

Lower Device Object: 0xffffffff8b18ed98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8b1eeab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\

Lower Device Object: 0xffffffff8b1ebb00

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2013.03.05.14

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8b1eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8b1d0e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8b1eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8b1c49e8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8b1ebb00, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffffffff2a46bd8, 0xffffffff8b1eeab8, 0xffffffff88178a38

Lower DeviceData: 0xffffffffea279c80, 0xffffffff8b1ebb00, 0xffffffff892f5540

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E083E240

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 488392704

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8b189ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8b2332b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8b189ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8b1ed9e8, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8b18ed98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe39004a0, 0xffffffff8b189ab8, 0xffffffff870bc180

Lower DeviceData: 0xffffffffe1091538, 0xffffffff8b18ed98, 0xffffffff894c5950

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 31BDD409

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 488392002

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "c:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.lan" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.par" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\instance.dat" is compressed (flags = 1)

Done!

Scan finished


Don't worry about that folder.

No need to run fixdamage tool.

-------------------------------

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I downloaded Combofix to my desktop, disabled Avast and Malwarebytes. I ran Combofix from my desktop, it installed the MS Windows recovery console. I saw messages saying it had completed the first couple of stages and walked away. When I came back, my system had rebooted. There was a message saying my pc had been restarted due to a very serious problem.

When my PC reboots, my account requires a password to be entered. I have just now removed this, thinking perhaps it caused a problem.

There was no log file, ComboFix.txt, on my C drive. There is a very odd directory structure now: I'm seeing my drives in Windows Explorer (C, D, E, F), and when I look at the C drive there's a folder for C:\Combofix and under that folder, my drives are listed again. If I look at the Combofix folder under this level, the drives are listed again, and when I look at the Combofix folder under this listing, the pattern repeats.

Thank-you for your help. What should I do next?

Link to post
Share on other sites

Other than the weird directory structure I mentioned earlier, the computer seems OK.

Should I uninstall combofix?

FYI - I do have the restore point I created yesterday prior to running the Malwarebytes Anti-Rootkit, should I restore to it and download Combofix again and try running it again? Should I stop throwing these ideas out there and just wait for you to tell me what to do? :)

Link to post
Share on other sites

I used the restore point I created yesterday prior to running the Malwarebytes Anti-Rootkit. While there isn't a Combofix icon on my desktop any longer, there is a Combofix folder. Along with many other files, the folder contains a Combofix.txt file with a date/time stamp of 3/6/2013 8:24 AM. The contents are as shown below.

ComboFix 13-03-05.01 - Frank 03/06/2013 8:24:14.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3323.2616 [GMT -7:00]

Running from: C:\Documents and Settings\Frank\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

Link to post
Share on other sites

I ran CF_UNINST.EXE and got a pop-up saying Done! However, I am still seeing the ComboFix folder (211 files, 1 folder).

Shouldn't these have been removed by the uninstall? Should I delete these manually?

When I looked at the properties of the CF_UNINST.EXE icon on my desktop, the field labeled Security has this text: "This file came from another computer and might be blocked to help protect this computer." There is an Unblock button. Do I need to unblock and run the uninstaller again?

Link to post
Share on other sites

The name of the folder is ComboFix. It has 211 files under it. It has one sub-folder named "N_". The N_ sub-folder has one file named 16224 with no file extension.

Here are the files in the ComboFix folder.

Name        Size    Last Modified
023.dat     53 KB   3/6/2013 8:05:19 AM
023v.dat    3 KB    11/26/2010 12:07:20 PM
023w7.dat   1 KB    2/12/2010 10:55:28 AM

Link to post
Share on other sites


Unfortunately I forgot to launch ComboFix in safe mode but fortunately it ran to completion.

ComboFix 13-03-05.01 - Frank 03/06/2013 15:57:51.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3323.2637 [GMT -7:00]

Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Frank\flac-1.2.1b.exe

c:\documents and settings\Frank\WINDOWS

c:\program files\bigfishgames_p50309728_s1_l1.exe

c:\program files\bigfishgames_p51573434_s1_l1.exe

c:\program files\bigfishgames_p54055583_s1_l1.exe

c:\program files\Luxor 2

c:\program files\Luxor 2\3rdparty.gvf

c:\program files\Luxor 2\activation_info.xml

c:\program files\Luxor 2\assets\splashscreen.jpg

c:\program files\Luxor 2\bfgstate.xml

c:\program files\Luxor 2\data.mjz

c:\program files\Luxor 2\DSETUP.dll

c:\program files\Luxor 2\engine.dll

c:\program files\Luxor 2\file.dll

c:\program files\Luxor 2\fmodex.dll

c:\program files\Luxor 2\gfx.dll

c:\program files\Luxor 2\gfx_dd7.dll

c:\program files\Luxor 2\gfx_dx8.dll

c:\program files\Luxor 2\img_jpg.dll

c:\program files\Luxor 2\img_png.dll

c:\program files\Luxor 2\img_tga.dll

c:\program files\Luxor 2\LaunchGame.bfg

c:\program files\Luxor 2\locale\english.mjz

c:\program files\Luxor 2\logger.dll

c:\program files\Luxor 2\Luxor 2.exe

c:\program files\Luxor 2\pics\175x150.swf

c:\program files\Luxor 2\pics\60x40.jpg

c:\program files\Luxor 2\pics\80x80.jpg

c:\program files\Luxor 2\pics\feature.jpg

c:\program files\Luxor 2\pics\luxor2_175x150.swf

c:\program files\Luxor 2\platform.dll

c:\program files\Luxor 2\Read_Me.html

c:\program files\Luxor 2\snd3d.dll

c:\program files\Luxor 2\snd3d_fmod.dll

c:\program files\Luxor 2\thread.dll

c:\program files\Luxor 2\Uninstall.exe

c:\program files\Luxor 2\UnlockGame.bfg

c:\program files\Luxor 2\wxrgvcj.exe

c:\windows\system32\SET1EB.tmp

c:\windows\system32\SET1ED.tmp

c:\windows\system32\SET1F2.tmp

c:\windows\system32\SET1F9.tmp

c:\windows\system32\Thumbs.db

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-02-06 to 2013-03-06 )))))))))))))))))))))))))))))))

.

.

2013-03-06 17:22 . 2013-03-06 17:22 -------- d-----w- c:\windows\system32\wbem\Repository

2013-03-06 15:05 . 2013-03-06 17:21 -------- d-----w- C:\ABC ComboFix

2013-03-05 20:18 . 2013-03-05 20:17 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-28 17:58 . 2013-02-28 08:36 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-02-28 17:58 . 2013-02-28 08:36  %2
