lgalante Posted May 17, 2013 ID:680860 Share Posted May 17, 2013 Can someone tell me if they see what's causing the problem? The below is the log from hijackthis:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:28:20 PM, on 5/17/2013Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Flip Video\FlipShare\FlipShareService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exeC:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeC:\WINDOWS\system32\svchost.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dllO2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\IPS\IPSBHO.DLLO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dllO4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367286251796O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exeO23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exeO23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\lou~1.her\locals~1\temp\cdm\{18a10932-bce4-4e5c-8d03-f5119e32204b}\STacSV.exe (file missing)--End of file - 5741 bytes Link to post Share on other sites More sharing options...
MrCharlie Posted May 17, 2013 ID:680863 Share Posted May 17, 2013 Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs here.....DDS.txt and Attach.txt(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.<====><====><====><====><====><====><====><====>Next................Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller 32 bit to your desktop.RogueKiller<---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)MrCNote:Please read all of my instructions completely including these.Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
lgalante Posted May 17, 2013 Author ID:680864 Share Posted May 17, 2013 RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Lou [Admin rights]Mode : Scan -- Date : 05/17/2013 13:03:02| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A0959A0)SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A095A80)SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A737400)SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A095148)SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8AB6B250)SSDT[43] : NtCreateMutant @ 0x806177F2 -> HOOKED (Unknown @ 0x8A0956F0)SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x89FEAF60)SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A737888)SSDT[57] : NtDebugActiveProcess @ 0x80643C82 -> HOOKED (Unknown @ 0x8A095228)SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A7375D0)SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A7371B8)SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9332 -> HOOKED (Unknown @ 0x8A0957E0)SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A0958C0)SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A83DC00)SSDT[108] : unknown @ 0x805B2042 -> HOOKED (Unknown @ 0x8A7370B8)SSDT[114] : NtOpenEvent @ 0x8060F1B0 -> HOOKED (Unknown @ 0x8A095610)SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A737770)SSDT[123] : NtOpenProcessToken @ 0x805EE000 -> HOOKED (Unknown @ 0x8A7374F0)SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A095450)SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A7376A0)SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A095058)SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A095B60)SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A095E00)SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A095EE0)SSDT[240] : NtSetSystemInformation @ 0x8060FE68 -> HOOKED (Unknown @ 0x8A095308)SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A095530)SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A095C40)SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A78C7F0)SSDT[258] : unknown @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A095D20)SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A095FD0)SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A7372A8)S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0D1D0)S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AC01140)S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8ABFEE50)S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC02528)S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AD9CFC0)S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8AC75440)S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8AD72F78)S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8AD8A008)S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AEDA4B8)S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC88688)IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8ADC8F3B)¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3250410AS +++++--- User ---[MBR] 0d9b0351e1bbe8591cfab4141d56e257[bSP] 5d4db1f5caaf845802fc3bfbf738bfb5 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] 1e5b9c4feb7de06276edef79b6b2aa0d[bSP] 92ce88c3bc6cdac424b20b3121993001 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 MoFinished : << RKreport[3]_S_05172013_02d1303.txt >>RKreport[1]_S_05172013_02d1250.txt ; RKreport[2]_D_05172013_02d1251.txt ; RKreport[3]_S_05172013_02d1303.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 17, 2013 ID:680866 Share Posted May 17, 2013 I need to see the 2 logs from DDS, MrC Link to post Share on other sites More sharing options...
lgalante Posted May 17, 2013 Author ID:680935 Share Posted May 17, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 12/20/2009 12:08:39 PMSystem Uptime: 5/17/2013 4:35:09 PM (0 hours ago).Motherboard: Intel Corporation | | DG33TLProcessor: Intel Pentium III Xeon processor | J1PR | 2992/333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 233 GiB total, 164.464 GiB free.D: is RemovableE: is RemovableF: is RemovableG: is RemovableH: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: PCI Simple Communications ControllerDevice ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&61AAA01&0&18Manufacturer:Name: PCI Simple Communications ControllerPNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&61AAA01&0&18Service:.Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}Description: Audio Device on High Definition Audio BusDevice ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7627&SUBSYS_80864001&REV_1002\4&D766753&0&0201Manufacturer:Name: Audio Device on High Definition Audio BusPNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7627&SUBSYS_80864001&REV_1002\4&D766753&0&0201Service:.Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: SM Bus ControllerDevice ID: PCI\VEN_8086&DEV_2930&SUBSYS_50448086&REV_02\3&61AAA01&0&FBManufacturer:Name: SM Bus ControllerPNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50448086&REV_02\3&61AAA01&0&FBService:.==== System Restore Points ===================.RP1050: 2/17/2013 9:05:23 PM - System CheckpointRP1051: 2/19/2013 2:46:12 PM - System CheckpointRP1052: 2/20/2013 6:27:20 PM - System CheckpointRP1053: 2/22/2013 10:10:24 AM - System CheckpointRP1054: 2/23/2013 12:52:26 PM - System CheckpointRP1055: 2/24/2013 1:04:51 PM - System CheckpointRP1056: 2/25/2013 6:41:48 PM - System CheckpointRP1057: 2/27/2013 9:02:50 AM - System CheckpointRP1058: 2/28/2013 5:51:40 PM - System CheckpointRP1059: 3/1/2013 6:29:28 PM - System CheckpointRP1060: 3/4/2013 8:52:27 AM - System CheckpointRP1061: 3/6/2013 2:32:01 PM - System CheckpointRP1062: 3/10/2013 11:33:18 AM - System CheckpointRP1063: 3/11/2013 8:31:58 PM - System CheckpointRP1064: 3/13/2013 7:57:45 AM - System CheckpointRP1065: 3/14/2013 11:39:19 AM - System CheckpointRP1066: 3/15/2013 4:52:00 PM - System CheckpointRP1067: 3/17/2013 9:28:06 PM - System CheckpointRP1068: 3/20/2013 9:54:31 AM - System CheckpointRP1069: 3/24/2013 8:48:35 PM - System CheckpointRP1070: 3/26/2013 9:39:18 AM - System CheckpointRP1071: 3/28/2013 9:32:36 AM - System CheckpointRP1072: 3/30/2013 7:56:32 PM - System CheckpointRP1073: 3/31/2013 9:11:29 PM - System CheckpointRP1074: 4/3/2013 1:08:10 PM - System CheckpointRP1075: 4/5/2013 12:49:01 PM - System CheckpointRP1076: 4/7/2013 12:10:42 PM - System CheckpointRP1077: 4/7/2013 12:51:52 PM - Installed Strongvault Online BackupRP1078: 4/7/2013 1:02:32 PM - Removed Strongvault Online BackupRP1079: 4/7/2013 1:02:41 PM - Removed Strongvault Online BackupRP1080: 4/9/2013 8:34:58 AM - System CheckpointRP1081: 4/11/2013 8:54:54 AM - System CheckpointRP1082: 4/13/2013 11:41:18 AM - System CheckpointRP1083: 4/14/2013 9:17:41 PM - System CheckpointRP1084: 4/15/2013 9:38:36 PM - System CheckpointRP1085: 4/17/2013 9:10:54 AM - System CheckpointRP1086: 4/17/2013 8:49:28 PM - Removed Java 6 Update 32RP1087: 4/17/2013 8:51:09 PM - Installed Java 7 Update 21RP1088: 4/18/2013 6:29:45 PM - Removed InstallIQ UpdaterRP1089: 4/18/2013 6:42:17 PM - Removed SafariRP1090: 4/18/2013 6:43:11 PM - Removed MSXML 4.0 SP2 Parser and SDKRP1091: 4/18/2013 6:43:18 PM - Removed MSXML 6.0 Parser (KB933579)RP1092: 4/18/2013 6:43:55 PM - Removed Java 7 Update 21RP1093: 4/18/2013 6:44:38 PM - Removed Apple Mobile Device SupportRP1094: 4/18/2013 7:48:41 PM - Norton Security Suite RegistryRP1095: 4/18/2013 8:51:15 PM - Installed Windows Media Player 11RP1096: 4/18/2013 8:52:12 PM - Installed Windows XP Wudf01000.RP1097: 4/20/2013 1:55:45 PM - System CheckpointRP1098: 4/21/2013 2:36:02 PM - System CheckpointRP1099: 4/22/2013 8:51:51 PM - System CheckpointRP1100: 4/24/2013 6:41:39 PM - System CheckpointRP1101: 4/26/2013 9:16:42 AM - System CheckpointRP1102: 4/28/2013 12:55:33 PM - Restore OperationRP1103: 4/28/2013 1:05:28 PM - Restore OperationRP1104: 4/28/2013 1:10:22 PM - Restore OperationRP1105: 4/28/2013 2:46:16 PM - Software Distribution Service 3.0RP1106: 4/28/2013 3:19:46 PM - Software Distribution Service 3.0RP1107: 4/28/2013 4:02:41 PM - Software Distribution Service 3.0RP1108: 4/29/2013 5:46:01 PM - System CheckpointRP1109: 5/1/2013 11:11:32 AM - System CheckpointRP1110: 5/4/2013 10:17:22 AM - Installed Driver Manager.RP1111: 5/4/2013 10:28:28 AM - Removed Driver Manager.RP1112: 5/5/2013 11:29:16 AM - Installed %1 %2.RP1113: 5/7/2013 1:01:00 PM - System CheckpointRP1114: 5/9/2013 8:48:40 AM - System CheckpointRP1115: 5/11/2013 11:09:56 PM - System CheckpointRP1116: 5/12/2013 11:56:15 PM - System CheckpointRP1117: 5/14/2013 8:06:00 AM - System CheckpointRP1118: 5/15/2013 9:34:50 AM - System CheckpointRP1119: 5/16/2013 9:40:49 AM - System Checkpoint.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7)Compatibility Pack for the 2007 Office systemFlipShareGoogle Update HelperHiJackThisHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB976098-v2)Intel® Network Connections 14.8.43.0Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft IntelliPoint 5.2Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office File Validation Add-InMicrosoft Office Professional Edition 2003Microsoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Mozilla Firefox 12.0 (x86 en-US)NETGEAR XET1001 Powerline Encryption UtilityNorton PC CheckupNorton Security SuiteNVIDIA Display Control PanelNVIDIA DriversNVIDIA nView Desktop ManagerNVIDIA PhysXQuickTimeRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealUpgrade 1.1Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219-v2)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135-v2)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371-v2)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB976325)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982665)Spybot - Search & DestroyUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB973687)Update for Windows XP (KB973815)WebFldrs XPWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3WinZip 16.5.==== Event Viewer Messages From Past Week ========.5/17/2013 12:54:55 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.5/17/2013 11:20:30 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.5/17/2013 1:03:01 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 6 time(s).5/16/2013 9:19:28 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 9 time(s).5/16/2013 9:19:28 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 7 time(s).5/16/2013 8:31:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}5/16/2013 8:11:17 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 17 time(s).5/12/2013 9:56:25 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.5/12/2013 9:55:31 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.5/12/2013 9:55:31 AM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.5/12/2013 9:54:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}5/12/2013 9:54:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}5/12/2013 9:26:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip WS2IFSL5/12/2013 9:26:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 9:26:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 9:26:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 9:26:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 9:21:38 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .5/12/2013 11:22:30 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 30 time(s).5/12/2013 11:22:30 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 24 time(s).5/12/2013 11:16:49 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 29 time(s).5/12/2013 11:16:49 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 23 time(s).5/12/2013 11:07:11 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 16 time(s).5/12/2013 11:07:11 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 16 time(s).5/12/2013 11:07:11 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 14 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 2 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.5/12/2013 10:36:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI5/12/2013 10:29:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}5/12/2013 10:27:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}5/12/2013 1:44:00 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751).==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by Lou at 16:57:05 on 2013-05-17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2069 [GMT -4:00].AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Security Suite *Enabled*.============== Running Processes ================.C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Flip Video\FlipShare\FlipShareService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exeC:\Program Files\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exeC:\Program Files\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exeC:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.3.1.22\ips\ipsbho.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dlluRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367286251796DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{B89A7249-EAC8-4A04-B473-5AD489E2B4B6} : DHCPNameServer = 192.168.1.1SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\lou.here-9aeda77103\application data\mozilla\firefox\profiles\y46co8v7.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.search.selectedEngine - BingFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN40941204103250614&UM=2&SearchSource=13FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm0025DUS&ptb=bZ3XGBZBnyevooKITmGZPw&psa=&ind=2010112222&ptnrS=RGxdm0025DUS&si=&st=kwd&n=77cfe0de&searchfor=FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - ExtSQL: !HIDDEN! 2012-06-09 17:45; links@rivalgaming.com; c:\documents and settings\lou.here-9aeda77103\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com.---- FIREFOX POLICIES ----FF - user.js: extensions.funmoods.hmpg - falseFF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtByBtDzzyDyD0DtByCyCtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=878585359FF - user.js: extensions.funmoods.dfltSrch - falseFF - user.js: extensions.funmoods.srchPrvdr - SearchFF - user.js: extensions.funmoods.dnsErr - trueFF - user.js: extensions.funmoods_i.newTab - falseFF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtByBtDzzyDyD0DtByCyCtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=878585359FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtByBtDzzyDyD0DtByCyCtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=878585359&q=FF - user.js: extensions.funmoods.id - 001CC0270855D266FF - user.js: extensions.funmoods.instlDay - 15552FF - user.js: extensions.funmoods.vrsn - 1.5.23.22FF - user.js: extensions.funmoods.vrsni - 1.5.23.22FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:12:26FF - user.js: extensions.funmoods.prtnrId - funmoodsFF - user.js: extensions.funmoods.prdct - funmoodsFF - user.js: extensions.funmoods.aflt - adknlgFF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods.tlbrId - baseFF - user.js: extensions.funmoods.instlRef - adknlgFF - user.js: extensions.funmoods.dfltLng -FF - user.js: extensions.funmoods.excTlbr - falseFF - user.js: extensions.funmoods.autoRvrt - falseFF - user.js: extensions.funmoods.envrmnt - productionFF - user.js: extensions.funmoods.isdcmntcmplt - trueFF - user.js: extensions.funmoods.mntrvrsn - 1.3.0FF - user.js: extensions.autoDisableScopes - 14.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-5-16 367704]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-5-16 934488]R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-18 34592]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130502.001\BHDrvx86.sys [2013-5-7 1000024]R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-5-16 134304]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-5-16 175264]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-15 418376]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-15 701512]R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.3.1.22\ccsvchst.exe [2013-5-16 144520]R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-12 132504]R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.7\ccSvcHst.exe [2010-11-23 126392]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-11 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130516.001\IDSXpx86.sys [2013-5-16 373728]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-15 22856]R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130517.002\NAVENG.SYS [2013-5-17 93296]R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130517.002\NAVEX15.SYS [2013-5-17 1603824]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]S3 XET1001Sp50;XET1001Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XET1001Sp50.sys [2009-8-24 35256].=============== Created Last 30 ================.2013-05-17 15:28:10 388096 ----a-r- c:\documents and settings\lou.here-9aeda77103\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe2013-05-17 15:28:09 -------- d-----w- c:\program files\Trend Micro2013-05-17 02:00:52 934488 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symefa.sys2013-05-17 02:00:52 394656 ----a-r- c:\windows\system32\drivers\n360\1403010.016\symtdi.sys2013-05-17 02:00:52 367704 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symds.sys2013-05-17 02:00:52 350368 ----a-r- c:\windows\system32\drivers\n360\1403010.016\symtdiv.sys2013-05-17 02:00:52 338592 ----a-r- c:\windows\system32\drivers\n360\1403010.016\symnets.sys2013-05-17 02:00:52 32344 ----a-w- c:\windows\system32\drivers\n360\1403010.016\srtspx.sys2013-05-17 02:00:52 21400 ----a-r- c:\windows\system32\drivers\n360\1403010.016\symelam.sys2013-05-17 02:00:51 602712 ----a-w- c:\windows\system32\drivers\n360\1403010.016\srtsp.sys2013-05-17 02:00:51 175264 ----a-r- c:\windows\system32\drivers\n360\1403010.016\ironx86.sys2013-05-17 02:00:51 134304 ----a-w- c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys2013-05-17 02:00:29 14818 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symvtcer.dat2013-05-17 02:00:29 -------- d-----w- c:\windows\system32\drivers\n360\1403010.0162013-05-17 01:45:11 -------- d-----w- c:\documents and settings\lou.here-9aeda77103\application data\SparkTrust2013-05-17 01:44:48 -------- d-----w- c:\documents and settings\all users.windows\application data\SparkTrust2013-05-16 01:16:34 9195912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2013-05-16 00:09:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-05-16 00:09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-05-16 00:04:36 -------- d-----w- c:\documents and settings\all users.windows\application data\PC Utility Kit2013-05-10 07:57:26 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll2013-04-29 22:36:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-04-29 22:36:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-04-29 02:50:48 -------- d-sha-r- C:\cmdcons2013-04-29 02:45:47 98816 ----a-w- c:\windows\sed.exe2013-04-29 02:45:47 256000 ----a-w- c:\windows\PEV.exe2013-04-29 02:45:47 208896 ----a-w- c:\windows\MBR.exe2013-04-28 22:24:11 222448 ----a-w- c:\windows\system32\muweb.dll2013-04-28 18:52:05 164352 ----a-w- c:\windows\system32\staco.dll2013-04-28 18:52:04 23552 ----a-w- c:\windows\system32\wdmaud.drv2013-04-28 18:52:04 1271032 ----a-w- c:\windows\system32\drivers\sthda.sys2013-04-28 18:52:03 49408 ----a-w- c:\windows\system32\drivers\stream.sys2013-04-28 18:52:03 146048 ----a-w- c:\windows\system32\drivers\portcls.sys2013-04-28 18:52:01 4096 ----a-w- c:\windows\system32\ksuser.dll2013-04-28 18:52:01 141056 ----a-w- c:\windows\system32\drivers\ks.sys2013-04-28 18:52:01 129536 ----a-w- c:\windows\system32\ksproxy.ax2013-04-28 18:52:00 60160 ----a-w- c:\windows\system32\drivers\drmk.sys2013-04-19 20:48:45 -------- d-----w- c:\program files\Spybot - Search & Destroy2013-04-19 20:48:45 -------- d-----w- c:\documents and settings\all users.windows\application data\Spybot - Search & Destroy2013-04-19 16:28:14 -------- d-----w- c:\documents and settings\all users.windows\application data\IObit2013-04-19 00:51:01 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-04-18 22:14:53 -------- d-----w- C:\temp2013-04-18 22:03:22 -------- d-----w- c:\documents and settings\lou.here-9aeda77103\application data\DriverCure2013-04-18 22:03:00 -------- d-----w- c:\documents and settings\all users.windows\application data\ParetoLogic2013-04-18 13:15:25 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2013-04-18 13:12:20 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys2013-04-18 13:12:20 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys2013-04-18 13:11:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2013-04-18 13:10:46 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll2013-04-18 13:09:43 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll2013-04-18 13:08:17 536576 -c----w- c:\windows\system32\dllcache\msado15.dll2013-04-18 13:08:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll2013-04-18 13:06:48 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2013-04-18 13:05:05 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2013-04-18 13:04:24 105472 -c----w- c:\windows\system32\dllcache\mup.sys2013-04-18 13:00:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe2013-04-18 13:00:22 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys2013-04-18 12:56:00 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2013-04-18 12:55:52 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll2013-04-18 12:55:52 3072 ------w- c:\windows\system32\iacenc.dll2013-04-18 12:48:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe2013-04-18 02:06:20 -------- d-----w- c:\documents and settings\lou.here-9aeda77103\local settings\application data\Sun2013-04-18 00:48:11 275696 ----a-w- c:\windows\system32\mucltui.dll2013-04-18 00:48:11 17136 ----a-w- c:\windows\system32\mucltui.dll.mui.==================== Find3M ====================.2013-04-18 00:51:17 866720 ----a-w- c:\windows\system32\npdeployJava1.dll2013-04-18 00:51:17 788896 ----a-w- c:\windows\system32\deployJava1.dll2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-03-06 10:38:36 770384 ----a-w- c:\windows\system32\msvcr100.dll2013-03-06 10:38:36 421200 ----a-w- c:\windows\system32\msvcp100.dll2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll.============= FINISH: 16:58:58.21 =============== Link to post Share on other sites More sharing options...
MrCharlie Posted May 17, 2013 ID:680936 Share Posted May 17, 2013 Lots of adware showing too!Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that your system is now functioning normally.MrC Link to post Share on other sites More sharing options...
lgalante Posted May 17, 2013 Author ID:680946 Share Posted May 17, 2013 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.992000 GHzMemory total: 3210051584, free: 2033668096------------ Kernel report ------------ 05/17/2013 17:34:37------------ Loaded modules -----------\WINDOWS\system32\ntkrnlpa.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysohci1394.sys\WINDOWS\system32\DRIVERS\1394BUS.SYSpciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.sysSYMDS.SYSsr.sysSYMEFA.SYSKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nv4_mini.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\e1e5132.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\nic1394.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\System32\Drivers\Modem.SYS\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\N360\1403010.016\ccSetx86.sys\SystemRoot\system32\drivers\N360\1403010.016\Ironx86.SYS\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\System32\Drivers\N360\1403010.016\SYMTDI.SYS\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS\SystemRoot\system32\DRIVERS\arp1394.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130516.001\IDSxpx86.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\drivers\N360\1403010.016\SRTSPX.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx86.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\point32.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\nv4_disp.dll\SystemRoot\System32\ATMFD.DLL\??\C:\WINDOWS\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\mrxdav.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\System32\Drivers\N360\1403010.016\SRTSP.SYS\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\NAVEX15.SYS\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\NAVENG.SYS\??\C:\DOCUME~1\LOU~1.HER\LOCALS~1\Temp\mbr.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk4\DR5Upper Device Object: 0xffffffff89f581f8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008e\Lower Device Object: 0xffffffff8a7407f0Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstorInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk3\DR4Upper Device Object: 0xffffffff89f65ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008d\Lower Device Object: 0xffffffff89f35a08Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk2\DR3Upper Device Object: 0xffffffff89fb3920Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008c\Lower Device Object: 0xffffffff8a6ceea0Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk1\DR2Upper Device Object: 0xffffffff8abb8ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008b\Lower Device Object: 0xffffffff8abbbd70Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8af9fab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-7\Lower Device Object: 0xffffffff8afafb00Lower Device Driver Name: UnknownDriver name found: atapiInitialization returned 0x0Load Function returned 0x0Downloaded database version: v2013.05.17.07Downloaded database version: v2013.05.14.03Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8af9fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8afa1930, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8af9fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8afb03b8, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8afafb00, DeviceName: \Device\Ide\IdeDeviceP2T0L0-7\, DriverName: Unknown------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xffffffffebdd6958, 0xffffffff8af9fab8, 0xffffffff8887cab8Lower DeviceData: 0xffffffffebc9f818, 0xffffffff8afafb00, 0xffffffff88c60a78<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...MBR buffers are not equalMBR is forged! [0c09dbfb6e001608950df0db533ee0d1]Inspecting partition table:MBR Signature: 55AADisk Signature: 6CB914EPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 488392002 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Replacement MBR for a drive 0 foundMBR infection found on drive 0Disk Size: 250059350016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff8abb8ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8abbb580, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8abb8ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8abbbd70, DeviceName: \Device\0000008b\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff89fb3920, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8ab693e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89fb3920, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6ceea0, DeviceName: \Device\0000008c\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xffffffff89f65ab8, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8ab6a868, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89f65ab8, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff89f35a08, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xffffffff89f581f8, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8ab69e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89f581f8, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a7407f0, DeviceName: \Device\0000008e\, DriverName: \Driver\usbstor\------------ End ----------Done!Performing system, memory and registry scan...Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\Updater26766\Updater26766.exe --> [spyware.Password]Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater26766.exe --> [spyware.Password]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\Updater26766\Updater26766.exe --> [spyware.Password]Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} --> [PUP.GamePlayLab]Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011461139} --> [PUP.CrossFire.SA]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} --> [PUP.Funmoods]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} --> [PUP.Funmoods]Infected: HKCU\SOFTWARE\CROSSRIDER|215AppVerifier --> [Adware.GamePlayLab]Infected: HKCU\SOFTWARE\CROSSRIDER --> [Adware.GamePlayLab]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\sidTRUS02.tidy --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll --> [PUP.TidyNetwork]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS02.exe --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe --> [PUP.TidyNetwork]Infected: c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]Done!Scan finishedCreating System Restore point...Could not create restore point...Scheduling clean up...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRemoval scheduling successful. System shutdown needed.System shutdown occurred=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.992000 GHzMemory total: 3210051584, free: 2870415360Removal queue found; removal startedRemoving c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\Updater26766\Updater26766.exe...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\sidTRUS02.tidy...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS02.exe...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe...Removing c:\Documents and Settings\Lou.HERE-9AEDA77103\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log...Removal finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.992000 GHzMemory total: 3210051584, free: 2546298880------------ Kernel report ------------ 05/17/2013 17:54:28------------ Loaded modules -----------\WINDOWS\system32\ntkrnlpa.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllimofugc.sysACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysohci1394.sys\WINDOWS\system32\DRIVERS\1394BUS.SYSpciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.sysSYMDS.SYSsr.sysSYMEFA.SYSKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nv4_mini.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\e1e5132.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\nic1394.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\System32\Drivers\Modem.SYS\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\N360\1403010.016\ccSetx86.sys\SystemRoot\system32\drivers\N360\1403010.016\Ironx86.SYS\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\System32\Drivers\N360\1403010.016\SYMTDI.SYS\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS\SystemRoot\system32\DRIVERS\arp1394.sys\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130516.001\IDSxpx86.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\drivers\N360\1403010.016\SRTSPX.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx86.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\point32.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\nv4_disp.dll\SystemRoot\System32\ATMFD.DLL\??\C:\WINDOWS\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\mrxdav.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\HTTP.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk4\DR5Upper Device Object: 0xffffffff8a05e8a0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008d\Lower Device Object: 0xffffffff8a711c00Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstorInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk3\DR4Upper Device Object: 0xffffffff8a7328a0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008c\Lower Device Object: 0xffffffff8a6fc1f0Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk2\DR3Upper Device Object: 0xffffffff8a6cc2d0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008b\Lower Device Object: 0xffffffff8a742030Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk1\DR2Upper Device Object: 0xffffffff8a5caab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008a\Lower Device Object: 0xffffffff8ad2ae10Lower Device Driver Name: \Driver\usbstor\Driver name found: usbstor<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8afdbab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-7\Lower Device Object: 0xffffffff8af90b00Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Load Function returned 0x0Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8afdbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8af89b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8afdbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8af909e8, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8af90b00, DeviceName: \Device\Ide\IdeDeviceP2T0L0-7\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xffffffffe42887a0, 0xffffffff8afdbab8, 0xffffffff89e70040Lower DeviceData: 0xffffffffe42bd468, 0xffffffff8af90b00, 0xffffffff89ce7750<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 6CB914EPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 488392002 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 250059350016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff8a5caab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a6cc020, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a5caab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8ad2ae10, DeviceName: \Device\0000008a\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff8a6cc2d0, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a732e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a6cc2d0, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a742030, DeviceName: \Device\0000008b\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xffffffff8a7328a0, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a05ee08, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a7328a0, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6fc1f0, DeviceName: \Device\0000008c\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xffffffff8a05e8a0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a054be0, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a05e8a0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a711c00, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\------------ End ----------Done!Performing system, memory and registry scan...Done!Scan finished=======================================Malwarebytes Anti-Rootkit BETA 1.05.0.1001www.malwarebytes.orgDatabase version: v2013.05.17.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Lou :: HERE-9AEDA77103 [administrator]5/17/2013 6:09:35 PMmbar-log-2013-05-17 (18-09-35).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 27047Time elapsed: 14 minute(s), 53 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
MrCharlie Posted May 18, 2013 ID:680966 Share Posted May 18, 2013 Next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
LDTate Posted May 21, 2013 ID:682140 Share Posted May 21, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts