
Trojan.agent and Trojan.RedirRdll2.Gen on PC



Please help. I did a Malwarebytes scan in safe mode as the PC would never get to the start screen and it found two Trojan.agent files and a Trojan.RedirRDll2.Gen Registry value.

Thank you so much! See the Hijackthis log below

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 5:25:51 PM, on 5/29/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 3.5.3 (en-US)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

I:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent

O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [wmscec] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\owner\Application Data\wmscec.dll",SimpleParseStringFlags

O4 - HKLM\..\Run: [wbrki] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\owner\Application Data\wbrki.dll",AsDecodedString

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: Start Pervasive PSQL Workgroup Engine.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261604481906

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

--

End of file - 7520 bytes


  • Staff

Hello artnboo

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


Hi Gringo,

Thanks so much for your help. I ran the AdwCleaner.exe in safe mode as I've been unable to get the PC to bring up the start menu, icons, etc. (it only shows a photo or a white screen and responds to no Ctrl-Alt-Del or any other keys). I also had to run JRT.exe in safe mode after rebooting from the AdwCleaner.exe as it still only brought up a photo and no windows menus, controls, etc. Please also note that I checked the history from the PC's Microsoft Security Essentials and it found 3 different viruses in the last week or so. They were Trojan: Win32/Tobfy.F, Win32/Tracur.AV and Win32/Tracur.BD. Sorry I didn't provide this in my earlier email.

Please find the logs you requested below:

*************AdwCleaner Log*********************

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 19:34:52

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - HONEY

# Boot Mode : Safe mode

# Running from : C:\Documents and Settings\Administrator.HONEY\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1121 octets] - [29/05/2013 19:34:27]

AdwCleaner[s1].txt - [1063 octets] - [29/05/2013 19:34:52]

########## EOF - C:\AdwCleaner[s1].txt - [1123 octets] ##########

*******************And now for the JRT log*******************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by Administrator on Wed 05/29/2013 at 19:39:29.43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data

======== ==== ==========

wmscec REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\owner\Application Data\wmscec.dll",SimpleParseStringFlags

wbrki REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\owner\Application Data\wbrki.dll",AsDecodedString

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\radiorage_4j"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 05/29/2013 at 19:41:03.93

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I rebooted after the JRT and it still brings up windows with a white screen and no menus, etc.


  • Staff

Hello artnboo

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


I ran Combofix and attached the PC back to my router but I forgot that I'd booted into Safe mode without networking. Not sure if that means without internet too but it said it couldn't find the internet so didn't install the Recovery Console (it's running XP). Dang... It finished all of the other steps of combofix. Please find the log attached. I'm sorry, I hate that I didn't realize it would do that... :(

***********Combofix Log below*************************

ComboFix 13-05-30.01 - Administrator 05/29/2013 22:25:30.1.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1637 [GMT -5:00]

Running from: c:\documents and settings\Administrator.HONEY\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\owner\acrobatreader.exe

c:\documents and settings\owner\alg.exe

c:\documents and settings\owner\chrome.exe

c:\documents and settings\owner\flashplayer.exe

c:\documents and settings\owner\notepad.exe

c:\documents and settings\owner\opera.exe

c:\documents and settings\owner\skype.exe

c:\documents and settings\owner\spoolsv.exe

c:\documents and settings\owner\WINDOWS

c:\documents and settings\owner\windowsupdate.exe

c:\windows\system32\SET162.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

.

2013-05-30 00:39 . 2013-05-30 00:39 -------- d-----w- c:\windows\ERUNT

2013-05-30 00:39 . 2013-05-30 00:39 -------- d-----w- C:\JRT

2013-05-29 20:43 . 2013-05-29 20:43 -------- d-----w- c:\documents and settings\Administrator.HONEY

2013-05-29 20:32 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2013-05-29 20:32 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2013-05-29 14:09 . 2013-05-29 14:12 22471 ----a-w- c:\documents and settings\chrome.exe

2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\notepad.exe

2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\iexplore.exe

2013-05-29 14:06 . 2013-05-29 14:07 12399 ----a-w- c:\documents and settings\alg.exe

2013-05-29 14:06 . 2013-05-29 14:08 32543 ----a-w- c:\documents and settings\mstsc.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\firefox.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\vlcplayer.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\jqs.exe

2013-05-29 14:05 . 2013-05-29 14:06 104960 ----a-w- c:\documents and settings\jucheck.exe

2013-05-29 13:27 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3E273DE-A786-4912-B79B-0A053B9606E6}\mpengine.dll

2013-05-29 05:02 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-28 13:41 . 2013-05-28 13:41 0 ----a-w- c:\documents and settings\winlogon.exe

2013-05-28 13:39 . 2013-05-28 13:39 0 ----a-w- c:\documents and settings\acrobatreader.exe

2013-05-28 13:36 . 2013-05-28 13:36 0 ----a-w- c:\documents and settings\conhost.exe

2013-05-28 13:34 . 2013-05-28 13:36 69632 ----a-w- c:\documents and settings\flashplayer.exe

2013-05-22 15:08 . 2013-05-22 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Memeo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 07:01 . 2012-08-24 15:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-15 07:01 . 2011-08-30 18:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-02 15:28 . 2009-12-24 18:31 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 22:17 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 19:50 . 2012-08-24 12:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]

"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"wmscec"="c:\documents and settings\owner\Application Data\wmscec.dll" [2013-05-28 618496]

"wbrki"="c:\documents and settings\owner\Application Data\wbrki.dll" [2013-05-28 368640]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}\WGE1.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2009-12-29 92854]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-10-31 16:05 92072 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\mpw\\mpwupdate.exe"=

"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=

.

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/1/2012 12:30 AM 374704]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 5:10 PM 12856]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/29/2013 3:02 PM 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2012 7:11 AM 701512]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:10 PM 25824]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\docume~1\owner\LOCALS~1\Temp\EverestDriver.sys [12/24/2009 2:06 PM 11776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2012 7:11 AM 22856]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 10:48 AM 235216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 07:01]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 14:36]

.

2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 14:36]

.

2013-05-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-Management PLUS v6.1 - Z:\Uninst.isu

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-29 22:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]

@Denied: ) (Everyone)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(224)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2013-05-29 22:30:07

ComboFix-quarantined-files.txt 2013-05-30 03:30

.

Pre-Run: 461,670,965,248 bytes free

Post-Run: 462,174,593,024 bytes free

.

- - End Of File - - 66FA937EFE09A26DDB7B4A7571EF950E


To follow up on the PC status - a reboot still produces the white screen with no menus, icons, etc. when not in safe mode. Sorry again for not realizing I wouldn't be able to get to the internet. I booted into safe mode with networking this time and I can get to the internet so if I need to re-run Combo Fix, let me know...

Thanks!


  • Staff

Hello artnboo

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\documents and settings\chrome.exe
c:\documents and settings\notepad.exe
c:\documents and settings\iexplore.exe
c:\documents and settings\alg.exe
c:\documents and settings\mstsc.exe
c:\documents and settings\firefox.exe
c:\documents and settings\vlcplayer.exe
c:\documents and settings\jqs.exe
c:\documents and settings\jucheck.exe
c:\documents and settings\winlogon.exe
c:\documents and settings\acrobatreader.exe
c:\documents and settings\conhost.exe
c:\documents and settings\flashplayer.exe
c:\documents and settings\owner\Application Data\wmscec.dll
c:\documents and settings\owner\Application Data\wbrki.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  1. Report from Combofix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

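The CFScript above targets exactly two kinds of indicator that the earlier logs surfaced: Run entries that use rundll32.exe to load a DLL out of a user profile (the entries JRT marked as suspicious), and executables carrying Windows or application names dropped straight into the profile root (the files ComboFix listed and deleted). The following is an added triage script, not part of this thread or of any of the tools used in it, that picks those items out of HijackThis O4 lines and ComboFix "Files Created" lines; the sample lines are constructed from this thread's logs and the lookalike name list is an assumption to extend for your own environment.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample lines, modelled on the HijackThis O4 entries and the
# ComboFix "Files Created" section posted in this thread.
HJT_O4_LINES = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE',
    r'O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    r'O4 - HKLM\..\Run: [wmscec] "C:\WINDOWS\system32\rundll32.exe" '
    r'"C:\Documents and Settings\owner\Application Data\wmscec.dll",SimpleParseStringFlags',
    r'O4 - HKLM\..\Run: [wbrki] "C:\WINDOWS\system32\rundll32.exe" '
    r'"C:\Documents and Settings\owner\Application Data\wbrki.dll",AsDecodedString',
]
COMBOFIX_FILE_LINES = [
    r'2013-05-30 00:39 . 2013-05-30 00:39 -------- d-----w- c:\windows\ERUNT',
    r'2013-05-29 14:09 . 2013-05-29 14:12 22471 ----a-w- c:\documents and settings\chrome.exe',
    r'2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\notepad.exe',
    r'2013-05-28 13:41 . 2013-05-28 13:41 0 ----a-w- c:\documents and settings\winlogon.exe',
    r'2013-05-15 07:01 . 2012-08-24 15:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe',
]

# Names of Windows components and common applications that the dropped files in
# this thread borrowed. Assumed list: extend it for your own environment.
LOOKALIKE_NAMES = {
    "winlogon.exe", "alg.exe", "spoolsv.exe", "conhost.exe", "notepad.exe", "mstsc.exe",
    "chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe", "skype.exe", "jqs.exe",
    "jucheck.exe", "flashplayer.exe", "acrobatreader.exe", "windowsupdate.exe",
}
# Path fragments that place a file under a user profile (XP and Vista+ layouts).
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32\.exe"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.I)
CF_RE = re.compile(r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")


def in_user_profile(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def flag_o4(line: str) -> Optional[Tuple[str, str]]:
    """Return (value name, reason) when a Run entry uses rundll32 to load a DLL from a profile path."""
    m = O4_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.search(m.group("cmd"))
    if r and in_user_profile(r.group("dll")):
        return (m.group("name"),
                f"rundll32 loads {r.group('dll')} (export {r.group('export')}) from a user profile")
    return None


def flag_combofix_file(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, reasons) for a file whose name or size does not fit its location."""
    m = CF_RE.match(line)
    if not m or m.group("attrs").startswith("d"):
        return None  # directories are not of interest here
    path = m.group("path")
    name = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if name in LOOKALIKE_NAMES and in_user_profile(path) and "\\program files\\" not in path.lower():
        reasons.append("system/application name outside its normal directory")
    if m.group("size") == "0" and name.endswith(".exe"):
        reasons.append("zero-byte executable")
    return (path, "; ".join(reasons)) if reasons else None


def triage(hjt_lines, cf_lines) -> List[Tuple[str, str, str]]:
    """Run both checks and return (source, item, reason) findings in log order."""
    findings = []
    for line in hjt_lines:
        hit = flag_o4(line)
        if hit:
            findings.append(("O4", hit[0], hit[1]))
    for line in cf_lines:
        hit = flag_combofix_file(line)
        if hit:
            findings.append(("File", hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for source, item, reason in triage(HJT_O4_LINES, COMBOFIX_FILE_LINES):
        print(f"[{source}] {item}: {reason}")
```

The legitimate entries (QuickTime, the bare RTHDCPL.EXE, Security Essentials, FlashPlayerApp.exe in system32) produce no finding, while the two rundll32 entries and the three profile-root executables do.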

1) Combofix Log below

ComboFix 13-05-30.01 - Administrator 05/29/2013 23:09:43.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1620 [GMT -5:00]

Running from: c:\documents and settings\Administrator.HONEY\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator.HONEY\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

.

2013-05-30 00:39 . 2013-05-30 00:39 -------- d-----w- c:\windows\ERUNT

2013-05-30 00:39 . 2013-05-30 00:39 -------- d-----w- C:\JRT

2013-05-29 20:43 . 2013-05-30 03:33 -------- d-----w- c:\documents and settings\Administrator.HONEY

2013-05-29 20:32 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2013-05-29 20:32 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2013-05-29 14:09 . 2013-05-29 14:12 22471 ----a-w- c:\documents and settings\chrome.exe

2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\notepad.exe

2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\iexplore.exe

2013-05-29 14:06 . 2013-05-29 14:07 12399 ----a-w- c:\documents and settings\alg.exe

2013-05-29 14:06 . 2013-05-29 14:08 32543 ----a-w- c:\documents and settings\mstsc.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\firefox.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\vlcplayer.exe

2013-05-29 14:06 . 2013-05-29 14:06 0 ----a-w- c:\documents and settings\jqs.exe

2013-05-29 14:05 . 2013-05-29 14:06 104960 ----a-w- c:\documents and settings\jucheck.exe

2013-05-29 13:27 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3E273DE-A786-4912-B79B-0A053B9606E6}\mpengine.dll

2013-05-29 05:02 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-28 13:41 . 2013-05-28 13:41 0 ----a-w- c:\documents and settings\winlogon.exe

2013-05-28 13:39 . 2013-05-28 13:39 0 ----a-w- c:\documents and settings\acrobatreader.exe

2013-05-28 13:36 . 2013-05-28 13:36 0 ----a-w- c:\documents and settings\conhost.exe

2013-05-28 13:34 . 2013-05-28 13:36 69632 ----a-w- c:\documents and settings\flashplayer.exe

2013-05-22 15:08 . 2013-05-22 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Memeo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 07:01 . 2012-08-24 15:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-15 07:01 . 2011-08-30 18:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-02 15:28 . 2009-12-24 18:31 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 22:17 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 19:50 . 2012-08-24 12:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]

"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"wmscec"="c:\documents and settings\owner\Application Data\wmscec.dll" [2013-05-28 618496]

"wbrki"="c:\documents and settings\owner\Application Data\wbrki.dll" [2013-05-28 368640]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}\WGE1.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2009-12-29 92854]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-10-31 16:05 92072 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\mpw\\mpwupdate.exe"=

"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=

.

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/1/2012 12:30 AM 374704]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 5:10 PM 12856]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/29/2013 3:02 PM 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2012 7:11 AM 701512]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:10 PM 25824]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\docume~1\owner\LOCALS~1\Temp\EverestDriver.sys [12/24/2009 2:06 PM 11776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2012 7:11 AM 22856]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 10:48 AM 235216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 07:01]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 14:36]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 14:36]

.

2013-05-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-29 23:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-776561741-1788223648-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,1a,72,e9,5d,7f,41,45,86,07,29,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,1a,72,e9,5d,7f,41,45,86,07,29,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]

@Denied: ) (Everyone)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(580)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(1868)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\WinRAR\rarext.dll

c:\progra~1\MI239C~1\shellext.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

Completion time: 2013-05-29 23:13:19

ComboFix-quarantined-files.txt 2013-05-30 04:13

ComboFix2.txt 2013-05-30 03:30

.

Pre-Run: 462,157,414,400 bytes free

Post-Run: 462,149,025,792 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - A66DD5BF09D87FA109BFB90AE98B9AF7

2) I was able to successfully run Combofix with the script and it did install the Recovery Console this time.

3) It still comes up with a white screen with no menus, icons, etc. upon reboot.

Thanks!

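As an added example (not ComboFix, OTL, or code from anyone in this thread), here is a Python triage script that applies the reasoning that Gringo's File:: list and the ComboFix log above make visible: executables sitting directly under c:\documents and settings with the names of well-known Windows or browser binaries, several of them zero bytes long, and Run values that point at DLLs in a user's Application Data. The sample log lines are constructed in the shape of the posted log, and the flagging rules are the example's own assumptions, not a description of how ComboFix decides what to remove.

```python
"""Triage ComboFix-style log lines for the patterns behind a File:: list.

Added example: the rules below are assumptions for illustration, not
ComboFix's own logic.
"""
import re
from typing import Dict, List

# Constructed sample in the shape of the "Files Created" and
# "Reg Loading Points" sections of a ComboFix log.
SAMPLE_LOG = r"""
2013-05-29 14:09 . 2013-05-29 14:12 22471 ----a-w- c:\documents and settings\chrome.exe
2013-05-29 14:09 . 2013-05-29 14:09 0 ----a-w- c:\documents and settings\notepad.exe
2013-05-29 20:32 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-28 13:41 . 2013-05-28 13:41 0 ----a-w- c:\documents and settings\winlogon.exe
2013-05-22 15:08 . 2013-05-22 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Memeo
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"wmscec"="c:\documents and settings\owner\Application Data\wmscec.dll" [2013-05-28 618496]
"wbrki"="c:\documents and settings\owner\Application Data\wbrki.dll" [2013-05-28 368640]
"""

# One file line: created . modified size attributes path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$"
)
# One Run-key value: "name"="target" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')

PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl")
PROFILE_ROOT = "c:\\documents and settings"
# Names of well-known Windows or browser executables (the ones in the
# File:: list); a copy outside its vendor directory deserves a look.
KNOWN_NAMES = {
    "winlogon.exe", "notepad.exe", "iexplore.exe", "alg.exe", "mstsc.exe",
    "conhost.exe", "chrome.exe", "firefox.exe", "jqs.exe", "jucheck.exe",
}
VENDOR_DIRS = ("c:\\windows\\", "c:\\program files\\")


def _norm(path: str) -> str:
    return path.strip().lower()


def check_file(path: str, size: str) -> List[str]:
    """Return the reasons (possibly none) a Files Created entry is suspicious."""
    p = _norm(path)
    reasons: List[str] = []
    if not p.endswith(PE_EXTENSIONS):
        return reasons
    parent, _, name = p.rpartition("\\")
    if parent == PROFILE_ROOT:
        # Only user profile folders belong here, never loose executables.
        reasons.append("executable directly under the profile root")
    if name in KNOWN_NAMES and not p.startswith(VENDOR_DIRS):
        reasons.append("well-known binary name outside Windows/Program Files")
    if size.isdigit() and int(size) == 0:
        reasons.append("zero-byte executable")
    return reasons


def check_run_value(name: str, target: str) -> List[str]:
    """Return the reasons (possibly none) a Run-key value is suspicious."""
    t = _norm(target)
    reasons: List[str] = []
    if t.endswith(".dll"):
        reasons.append("Run value points at a DLL, not a program")
    if t.startswith(PROFILE_ROOT) and "\\application data\\" in t:
        reasons.append("autostart target lives in a user's Application Data")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to its reasons; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            _, _, size, _attrs, path = m.groups()
            reasons = check_file(path, size)
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            path = m.group(2)
            reasons = check_run_value(m.group(1), path)
        if reasons:
            findings[_norm(path)] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("   -", reason)
```

Running it against the sample prints the five entries that match Gringo's File:: list and the two wmscec/wbrki Run values, while the legitimate mouhid.sys and msseces.exe lines produce no finding.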

  • Staff

Hello artnboo

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


Good morning Gringo,

Please find the contents of the OTL.txt below:

OTL logfile created on: 5/30/2013 8:18:29 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.HONEY\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 78.28% Memory free

3.73 Gb Paging File | 3.52 Gb Available in Paging File | 94.36% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 430.44 Gb Free Space | 92.42% Space Free | Partition Type: NTFS

Drive I: | 3.72 Gb Total Space | 3.57 Gb Free Space | 95.93% Space Free | Partition Type: FAT32

Computer Name: HONEY | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.exe (OldTimer Tools)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\nvshell.dll ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.HON\LOCALS~1\Temp\catchme.sys File not found

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (AX88772) -- C:\WINDOWS\system32\drivers\ax88772.sys (ASIX Electronics Corp.)

DRV - (EverestDriver) -- C:\Documents and Settings\owner\Local Settings\Temp\EverestDriver.sys ()

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1788223648-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-776561741-1788223648-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-776561741-1788223648-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-776561741-1788223648-1801674531-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-776561741-1788223648-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/09/02 15:16:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/24 14:15:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/02 14:27:17 | 000,000,000 | ---D | M]

[2012/09/02 14:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/09/02 14:27:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2007/06/11 15:34:34 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2013/05/29 22:29:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Lexmark 4200 Series] C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()

O4 - HKLM..\Run: [wbrki] C:\Documents and Settings\owner\Application Data\wbrki.dll (Tech Ltd.)

O4 - HKLM..\Run: [wmscec] C:\Documents and Settings\owner\Application Data\wmscec.dll (Interactive, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk = C:\WINDOWS\Installer\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}\WGE1.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1788223648-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1788223648-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1788223648-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-776561741-1788223648-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261604481906 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FAA604-192F-41F7-A2E6-77FDF0A06B8B}: DhcpNameServer = 192.168.2.1 192.168.2.2

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/23 15:37:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/01/14 14:07:22 | 000,000,110 | ---- | M] () - I:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 08:16:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.exe

[2013/05/29 23:13:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013/05/29 23:06:48 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/05/29 23:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/05/29 22:47:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2013/05/29 22:33:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.HONEY\PrivacIE

[2013/05/29 22:22:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/05/29 22:22:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/05/29 22:22:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/05/29 22:22:17 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/29 22:22:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\My Documents\My Videos

[2013/05/29 22:22:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\My Documents\My Pictures

[2013/05/29 22:22:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\My Documents\My Music

[2013/05/29 22:22:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\Start Menu\Programs\Administrative Tools

[2013/05/29 22:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/05/29 22:21:44 | 005,075,099 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.HONEY\Desktop\ComboFix.exe

[2013/05/29 19:39:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/05/29 19:39:13 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/29 19:33:23 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator.HONEY\Desktop\JRT.exe

[2013/05/29 15:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Application Data\Malwarebytes

[2013/05/29 15:43:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.HONEY\Application Data\Microsoft

[2013/05/29 15:43:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HONEY\SendTo

[2013/05/29 15:43:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HONEY\Application Data

[2013/05/29 15:43:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\Start Menu\Programs\Startup

[2013/05/29 15:43:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\Start Menu

[2013/05/29 15:43:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HONEY\Start Menu\Programs\Accessories

[2013/05/29 15:43:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.HONEY\IETldCache

[2013/05/29 15:43:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.HONEY\Cookies

[2013/05/29 15:43:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HONEY\Templates

[2013/05/29 15:43:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HONEY\Recent

[2013/05/29 15:43:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HONEY\PrintHood

[2013/05/29 15:43:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HONEY\NetHood

[2013/05/29 15:43:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HONEY\Local Settings

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\My Documents

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Local Settings\Application Data\Microsoft Help

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Local Settings\Application Data\Microsoft

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Application Data\Macromedia

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Favorites

[2013/05/29 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HONEY\Desktop

[2013/05/29 15:32:47 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys

[2013/05/22 10:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Memeo

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/30 08:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.exe

[2013/05/30 02:30:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/05/29 23:20:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/29 23:19:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/29 23:18:21 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk

[2013/05/29 23:17:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/29 23:06:51 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2013/05/29 22:47:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/29 22:29:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/05/29 22:19:12 | 005,075,099 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.HONEY\Desktop\ComboFix.exe

[2013/05/29 19:31:54 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator.HONEY\Desktop\JRT.exe

[2013/05/29 19:30:42 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Administrator.HONEY\Desktop\AdwCleaner.exe

[2013/05/29 18:41:55 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Administrator.HONEY\Application Data\mbam.context.scan

[2013/05/29 10:06:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/05/29 10:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/16 14:33:27 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/16 04:06:19 | 000,444,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/05/16 04:06:19 | 000,072,540 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/05/16 04:04:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/15 02:01:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/15 02:01:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/05/06 23:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/05/02 10:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/29 23:06:51 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2013/05/29 23:06:49 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/05/29 22:22:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/05/29 22:22:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/05/29 22:22:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/05/29 22:22:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/05/29 22:22:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/05/29 19:33:23 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Administrator.HONEY\Desktop\AdwCleaner.exe

[2013/05/29 18:41:55 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Administrator.HONEY\Application Data\mbam.context.scan

[2013/05/29 15:43:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.HONEY\Start Menu\Programs\Remote Assistance.lnk

[2013/05/29 15:43:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.HONEY\Start Menu\Programs\Windows Media Player.lnk

[2013/04/13 04:01:08 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2013/04/13 04:01:08 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2013/04/13 04:01:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012/02/16 14:47:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2009/12/23 15:51:08 | 000,000,422 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/12/23 15:53:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >


  • Staff

Hello artnboo

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

    :Files
    ipconfig /flushdns /c

    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
    It will be named - mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo


Please find the OTL log below:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@RadioRage_4j.com/Plugin\ deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\WINDOWS\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Error: Unable to interpret <:Filesipconfig /flushdns /c> in the current context!

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.HONEY

User: All Users

User: Default User

User: Desktop

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: owner

->Java cache emptied: 45922298 bytes

User: temp

Total Java Files Cleaned = 44.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.HONEY

->Flash cache emptied: 56504 bytes

User: All Users

User: Default User

->Flash cache emptied: 56504 bytes

User: Desktop

User: LocalService

User: LogMeInRemoteUser

->Flash cache emptied: 56504 bytes

User: NetworkService

User: owner

->Flash cache emptied: 16669 bytes

User: temp

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_120135

I allowed it to reboot in regular mode (not safe mode) and still got to the white screen with no menus.

Thanks!


I just saw the failure of the DNS flush. When I paste your code into Notepad, it puts it all on one line and that failed to execute, so I parsed it all out to match, or so I thought, but I didn't add a return after your following command:

Files:

ipconfig /flushdns /c

Want me to run again? Sorry...


  • Staff

Hello artnboo

I want you to run this instead

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.

    :OTL
    O4 - HKLM..\Run: [wbrki] C:\Documents and Settings\owner\Application Data\wbrki.dll (Tech Ltd.)
    O4 - HKLM..\Run: [wmscec] C:\Documents and Settings\owner\Application Data\wmscec.dll (Interactive, Inc.)
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\owner\Application Data\wmscec.dll
    C:\Documents and Settings\owner\Application Data\wbrki.dll
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
    It will be named - mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo


Please find the log file from the latest OTL script below:

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wbrki deleted successfully.

C:\Documents and Settings\owner\Application Data\wbrki.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmscec deleted successfully.

C:\Documents and Settings\owner\Application Data\wmscec.dll moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Administrator.HONEY\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Administrator.HONEY\Desktop\cmd.txt deleted successfully.

File\Folder C:\Documents and Settings\owner\Application Data\wmscec.dll not found.

File\Folder C:\Documents and Settings\owner\Application Data\wbrki.dll not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.HONEY

User: All Users

User: Default User

User: Desktop

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: owner

->Java cache emptied: 0 bytes

User: temp

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.HONEY

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Desktop

User: LocalService

User: LogMeInRemoteUser

->Flash cache emptied: 0 bytes

User: NetworkService

User: owner

->Flash cache emptied: 0 bytes

User: temp

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_224532

**************************************************

I tried rebooting directly into Safe Mode this time and it appeared that it hung up twice after loading the MUP.sys driver. I then let it boot into normal mode and it wanted to run Chkdsk, which I let it do. It completed everything successfully, then I got back to the point where, after flashing the Windows XP screen, it never gets to the login but brings up a photo for a few seconds, then ends with a white screen and no menus, icons, etc. After seeing that it did appear back at that same point, I rebooted back into safe mode and it paused after the mup.sys driver again but then finished booting and I'm back in safe mode again.

Thx!


  • Staff

Hello artnboo

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.
    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it
    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller

send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo


Note that TDSSKiller did not have a CURE option so I elected to skip the 3 suspicious items it found. Also, it did not reboot after skipping those items. I got an error that the log was too long so am attaching the TDSSKiller log for your review.

***************Results of RogueKiller log ****************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Administrator [Admin rights]

Mode : Remove -- Date : 05/30/2013 23:58:50

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725050VLA360 +++++

--- User ---

[MBR] d2e7e4581451b49451898db7b73bb2af

[BSP] 10ec094ae302d6cc53f60a3d16c09a74 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_D_05302013_02d2358.txt >>

RKreport[1]_S_05302013_02d2357.txt ; RKreport[2]_D_05302013_02d2358.txt

********************************************************************

A reboot of the PC (not in safe mode) after running both of these programs resulted in a brief flash of the desktop, then back to the white screen with no menus and icons. I'm back in safe mode.

Thanks!

TDSSKiller.2.8.16.0_30.05.2013_23.48.11_log.txt


A reboot in normal mode (not safe mode) gets me to the same spot - a welcome screen, then straight to the desktop background photo for an instant, then a white screen with no menus or icons. After the welcome screen it never gives me a user name to click on to log in; it might not usually, but it shows both Administrator and Owner as possible logins from safe mode.


  • Staff

Hello artnboo

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit

2.Unzip the contents to a folder in a convenient location.

3.Open the folder where the contents were unzipped and run mbar.exe

4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6.Wait while the system shuts down and the cleanup process is performed.

7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10.Verify that your system is now functioning normally.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are complete please send me both reports

Gringo

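The OTL fix earlier in this thread removed two Run values that loaded DLLs from the owner profile's Application Data, and the anti-rootkit scans posted after this reply report a Winlogon `Shell` value of `explorer.exe,C:\Documents and Settings\owner\Application Data\skype.dat` plus a Run value that launches a DLL from the same profile through rundll32.exe. Winlogon\Shell is a comma-separated list, so anything chained after explorer.exe is started at every interactive logon, and a stock XP install has nothing there but `explorer.exe`. The script below is an added example, not code from this thread, OTL or Malwarebytes: it parses `reg query`-style output (the layout of the sample is assumed; the Shell, wabEventSupport16 and wbrki value data are copied from the thread's logs, and the MSC entry is a made-up benign value for contrast) and flags the two patterns, plus file names that imitate system binaries outside %SystemRoot%, as the dropped csrss.exe / rundll32.exe / mstsc.exe copies in the later scans do.

```python
"""Audit XP-era autostart values for the persistence pattern in this thread.

Added example, not code from the thread, OTL or Malwarebytes. It parses
`reg query`-style output and flags (1) a Winlogon Shell value that chains
anything after explorer.exe and (2) Run values whose payload executes from
a user profile or imitates a system binary outside %SystemRoot%.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in `reg query` layout (layout assumed). The value data
# for Shell, wabEventSupport16 and wbrki are the strings reported by the
# scans in this thread; the MSC entry is a made-up benign value for contrast.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe,C:\Documents and Settings\owner\Application Data\skype.dat

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    wabEventSupport16    REG_SZ    rundll32.exe "C:\Documents and Settings\owner\Application Data\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    wbrki    REG_SZ    C:\Documents and Settings\owner\Application Data\wbrki.dll
    MSC    REG_SZ    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"""

PROFILE_ROOT = r"c:\documents and settings"   # user-writable on XP
SYSTEM_ROOT = r"c:\windows"                   # where genuine copies live
# Windows binary names the dropped files in this thread imitated
# (csrss.exe, rundll32.exe, mstsc.exe), plus a few other common targets.
SYSTEM_NAMES = {"csrss.exe", "rundll32.exe", "mstsc.exe", "winlogon.exe",
                "svchost.exe", "explorer.exe", "lsass.exe", "smss.exe"}

VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")
QUOTED_RE = re.compile(r'\s*"([^"]+)"')


def parse_reg_query(text: str) -> Dict[str, Dict[str, str]]:
    """Turn `reg query` output into {key_path: {value_name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.upper().startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, _reg_type, data = m.groups()
            keys[current][name] = data.strip()
    return keys


def launched_path(command: str) -> str:
    """Return the file a Run-key command really loads.

    Covers the shapes seen in this thread: a bare path, a quoted path with
    arguments, and rundll32.exe "<dll>",<export> where the DLL is the payload.
    """
    cmd = command.strip()
    parts = cmd.split(None, 1)
    first = parts[0].strip('"').lower() if parts else ""
    if first.endswith("rundll32.exe") or first == "rundll32":
        rest = parts[1] if len(parts) > 1 else ""
        m = QUOTED_RE.match(rest)
        return m.group(1) if m else rest.split(",", 1)[0].strip()
    m = QUOTED_RE.match(cmd)
    return m.group(1) if m else cmd.split(" -", 1)[0].strip()


def is_suspicious_path(path: str) -> Tuple[bool, str]:
    """Flag payloads living in a profile or masquerading as system files."""
    p = path.strip().strip('"').lower()
    name = p.rsplit("\\", 1)[-1]
    if p.startswith(PROFILE_ROOT):
        return True, "executes from a user profile directory"
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM_ROOT):
        return True, "system binary name outside %SystemRoot%"
    return False, ""


def audit_autostarts(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one finding per suspicious Winlogon Shell or Run value."""
    findings: List[str] = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith(r"\winlogon"):
            # Winlogon\Shell is a comma-separated list; stock XP has exactly
            # "explorer.exe". Anything else is started at every logon.
            shell = values.get("Shell", "explorer.exe")
            entries = [e.strip() for e in shell.split(",")]
            extras = [e for e in entries if e and e.lower() != "explorer.exe"]
            if extras:
                findings.append(f"{key}\\Shell chains extra program(s) after explorer.exe: {extras}")
        elif k.endswith(r"\run") or k.endswith(r"\runonce"):
            for name, data in values.items():
                target = launched_path(data)
                bad, why = is_suspicious_path(target)
                if bad:
                    findings.append(f"{key}\\{name} -> {target} ({why})")
    return findings


if __name__ == "__main__":
    for finding in audit_autostarts(parse_reg_query(SAMPLE_REG_QUERY)):
        print(finding)
```

On a live XP box the input would come from `reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"` and the HKCU/HKLM `...\CurrentVersion\Run` keys; a profile path under `Documents and Settings` is treated as suspicious because nothing on a default install launches its shell or a Run-key payload from there, so the check errs on the side of listing legitimate per-user installers for a human to dismiss.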

Hey Gringo,

I ran the Malwarebytes Anti-Rootkit in safe mode and it found viruses and cleaned them. In safe mode, the next scan showed clean. When I rebooted into normal mode, the menu and icons came up but when I went to Windows update and clicked on it, the white screen came back up so I had to boot to safe mode again. I reran Malwarebytes Anti-Rootkit and it found 3 more viruses, then I booted into normal mode and it found more viruses, then it came up clean the next 2 times. I've attached all six logs for your review. It seems to be better now but I don't have much confidence that it's not making little baby viruses somewhere.

MBAR Scan #1

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: HONEY [administrator]

6/1/2013 12:42:37 PM

mbar-log-2013-06-01 (12-42-37).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 266944

Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

c:\Documents and Settings\owner\Application Data\skype.dat (Trojan.Winlock.EP) -> Delete on reboot.

c:\Documents and Settings\flashplayer.exe (Trojan.Ransom.FV) -> Delete on reboot.

c:\Documents and Settings\jucheck.exe (Trojan.Winlock.EP) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR Scan # 2

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: HONEY [administrator]

6/1/2013 12:56:03 PM

mbar-log-2013-06-01 (12-56-03).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 266987

Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR Scan #3

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: HONEY [administrator]

6/1/2013 2:54:19 PM

mbar-log-2013-06-01 (14-54-19).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 267089

Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

c:\Documents and Settings\rundll32.exe (Trojan.FakeMS) -> Delete on reboot.

c:\Documents and Settings\owner\mstsc.exe (Trojan.FakeMS) -> Delete on reboot.

c:\Documents and Settings\csrss.exe (Trojan.Agent) -> Delete on reboot.

c:\Documents and Settings\owner\Application Data\skype.dat (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR Scan #4

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

owner :: HONEY [administrator]

6/1/2013 3:48:12 PM

mbar-log-2013-06-01 (15-48-12).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 285828

Time elapsed: 13 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Documents and Settings\owner\Application Data\skype.dat -> Delete on reboot.

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wabEventSupport16 (Trojan.Agent) -> Data: rundll32.exe "C:\Documents and Settings\owner\Application Data\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

c:\Documents and Settings\owner\Application Data\wabEventSupport16\wabEventSupport16.dll (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR Scan #5

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

owner :: HONEY [administrator]

6/1/2013 5:42:45 PM

mbar-log-2013-06-01 (17-42-45).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 285850

Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR Scan #6

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.01.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

owner :: HONEY [administrator]

6/1/2013 8:15:29 PM

mbar-log-2013-06-01 (20-15-29).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 287467

Time elapsed: 18 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR System Log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 2012524544, free: 1694228480

Downloaded database version: v2013.06.01.04

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/01/2013 15:48:02

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

imofugc.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

nvata.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltMgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\System32\Drivers\ULCDRHlp.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\nvnetbus.sys

\SystemRoot\system32\DRIVERS\NVNRM.SYS

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\NVENETFD.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\dump_nvata.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: BBC58B91

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 976751937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Drive 5

Scanning MBR on drive 5...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 625C6F81

Partition information:

Partition 0 type is Other (0xb)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 7822017

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4005527552 bytes

Sector size: 512 bytes

Done!

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell --> [Trojan.Agent.RNS]

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wabEventSupport16 --> [Trojan.Agent]

Infected: c:\Documents and Settings\owner\Application Data\wabEventSupport16\wabEventSupport16.dll --> [Trojan.Agent]

Scan finished

Creating System Restore point...

Could not create restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 2012524544, free: 1696980992

Initializing...

------------ Kernel report ------------

06/01/2013 17:42:34

------------ Loaded modules -----------

----------- End -----------

Done!

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: BBC58B91

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 976751937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Drive 5

Scanning MBR on drive 5...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 625C6F81

Partition information:

Partition 0 type is Other (0xb)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 7822017

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4005527552 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 2012524544, free: 1692794880

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 2012524544, free: 1448816640

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 2012524544, free: 1349169152

Initializing...

------------ Kernel report ------------

06/01/2013 20:15:17

------------ Loaded modules -----------

----------- End -----------

Done!

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: BBC58B91

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 976751937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Drive 5

Scanning MBR on drive 5...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 625C6F81

Partition information:

Partition 0 type is Other (0xb)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 7822017

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4005527552 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_5_r.mbam...

Removal finished

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-06-01 21:33:40

-----------------------------

21:33:40.843 OS Version: Windows 5.1.2600 Service Pack 3

21:33:40.843 Number of processors: 2 586 0x6B01

21:33:40.843 ComputerName: HONEY UserName: owner

21:33:41.750 Initialize success

21:37:53.935 AVAST engine defs: 13060101

21:43:56.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060

21:43:56.495 Disk 0 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 3

21:43:56.605 Disk 0 MBR read successfully

21:43:56.605 Disk 0 MBR scan

21:43:56.667 Disk 0 Windows XP default MBR code

21:43:56.667 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63

21:43:56.667 Disk 0 scanning sectors +976752000

21:43:56.698 Disk 0 scanning C:\WINDOWS\system32\drivers

21:44:09.044 Service scanning

21:44:20.482 Service MpKsl7fbdeef6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DD99C35-870F-4739-B628-EFE8B552CE40}\MpKsl7fbdeef6.sys **LOCKED** 32

21:44:36.078 Modules scanning

21:44:54.502 Disk 0 trace - called modules:

21:44:54.533 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys

21:44:54.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c14ab8]

21:44:54.533 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x89c44f18]

21:44:54.533 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\00000060[0x89c3f030]

21:44:55.065 AVAST engine scan C:\WINDOWS

21:45:14.020 AVAST engine scan C:\WINDOWS\system32

21:49:22.824 AVAST engine scan C:\WINDOWS\system32\drivers

21:49:50.308 AVAST engine scan C:\Documents and Settings\owner

22:01:46.918 AVAST engine scan C:\Documents and Settings\All Users

22:02:54.340 Scan finished successfully

22:14:46.668 Disk 0 MBR has been saved successfully to "I:\MBR.dat"

22:14:46.683 The log file has been saved successfully to "I:\aswMBR.txt"

It appears to be running better. I was able to boot into normal mode and the menu and icons came up. When I clicked on Windows Update, however, it went to the white screen. I booted to safe mode again and ran the malwarebytes antirootkit again and it found


  • Staff

Hello artnboo

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2013 02

Ran by owner (administrator) on 01-06-2013 23:03:02

Running from C:\Documents and Settings\Desktop

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE

(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Lexmark International, Inc.) C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Lexmark International, Inc.) C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe

() C:\Program Files\Business-in-a-Box\BIBLauncher.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

() C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

(Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe

(Microsoft Corporation) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

(Microsoft Corporation) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [286720 2007-10-19] (Apple Inc.)

HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-06] ()

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]

HKLM\...\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [57344 2004-01-16] (Lexmark International, Inc.)

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2011-09-16] (LogMeIn, Inc.)

HKLM\...\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui [136416 2011-05-04] (Memeo Inc.)

HKLM\...\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent [144608 2011-05-04] (Memeo Inc.)

HKLM\...\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\RunOnce: [A0] cmd /c "C:\Documents and Settings\Desktop\mbar\mbar.exe" /r /s [768584 2013-05-08] (Malwarebytes Corporation)

Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)

Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-26] (Google Inc.)

HKCU\...\Run: [bIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe [901600 2011-03-15] ()

HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)

MountPoints2: {6eee63fe-4323-11df-a169-001bfcfcce3a} - I:\setupSNK.exe

MountPoints2: {cb267a4c-f4c3-11de-a15d-001bfcfcce3a} - I:\LaunchU3.exe -a

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk

ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\WINDOWS\Installer\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}\WGE1.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

URLSearchHook: (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL =

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -No Name - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - No File

PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

PDF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default

FF SearchEngine: My Web Search

FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=94CA5A70-BA2D-499E-BAD4-F51F84E24A53&n=77fcdc15&ind=2013060117&id=ZXxdm003YYus&ptnrS=ZXxdm003YYus&si=CPe-w57SsrECFQ5j7AodqycA_g&searchfor=

FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: DailyBibleGuide - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default\Extensions\2vffxtbr@DailyBibleGuide.com

FF Extension: RadioRage - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default\Extensions\4jffxtbr@RadioRage_4j.com

FF Extension: No Name - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default\Extensions\staged-xpis

FF Extension: No Name - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: Screen Capture Filter Task Page - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\hfsk34is.default\Extensions\{D5E4EC60-FFFF-627B-F46E-3DA49AE69702}

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-01-13] (Lexmark International, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2009-08-31] ()

R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)

S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)

S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-17] (Advanced Micro Devices)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [17920 2009-08-20] (ASIX Electronics Corp.)

S3 EverestDriver; C:\DOCUME~1\owner\LOCALS~1\Temp\EverestDriver.sys [11776 2009-08-20] ()

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)

R2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2011-09-16] (LogMeIn, Inc.)

R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2011-09-16] (LogMeIn, Inc.)

R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-06-01] ()

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsl7fbdeef6; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DD99C35-870F-4739-B628-EFE8B552CE40}\MpKsl7fbdeef6.sys [29904 2013-06-01] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()

R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)

R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [46080 2007-05-20] (NVIDIA Corporation)

R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2007-05-20] (NVIDIA Corporation)

R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)

S4 Abiosdsk; No ImagePath

S4 abp480n5; No ImagePath

S4 adpu160m; No ImagePath

S4 Aha154x; No ImagePath

S4 aic78u2; No ImagePath

S4 aic78xx; No ImagePath

S4 AliIde; No ImagePath

S4 amsint; No ImagePath

S4 asc; No ImagePath

S4 asc3350p; No ImagePath

S4 asc3550; No ImagePath

S4 Atdisk; No ImagePath

S3 catchme; \??\C:\DOCUME~1\ADMINI~1.HON\LOCALS~1\Temp\catchme.sys [x]

S4 cd20xrnt; No ImagePath

S1 Changer; No ImagePath

S4 CmdIde; No ImagePath

S4 Cpqarray; No ImagePath

U4 dac2w2k; No ImagePath

S4 dac960nt; No ImagePath

S4 dpti2o; No ImagePath

S4 hpn; No ImagePath

S1 i2omgmt; No ImagePath

S4 i2omp; No ImagePath

S4 ini910u; No ImagePath

S4 IntelIde; No ImagePath

S1 lbrtfdc; No ImagePath

S4 LMIRfsClientNP; No ImagePath

S4 mraid35x; No ImagePath

S1 PCIDump; No ImagePath

S3 PDCOMP; No ImagePath

S3 PDFRAME; No ImagePath

S3 PDRELI; No ImagePath

S3 PDRFRAME; No ImagePath

S4 perc2; No ImagePath

S4 perc2hib; No ImagePath

S4 ql1080; No ImagePath

S4 Ql10wnt; No ImagePath

S4 ql12160; No ImagePath

S4 ql1240; No ImagePath

S4 ql1280; No ImagePath

S4 Simbad; No ImagePath

S4 Sparrow; No ImagePath

S4 symc810; No ImagePath

S4 symc8xx; No ImagePath

S4 sym_hi; No ImagePath

S4 sym_u3; No ImagePath

S4 TosIde; No ImagePath

S4 ultra; No ImagePath

S4 ViaIde; No ImagePath

S3 WDICA; No ImagePath

U3 aswMBR; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-01 23:02 - 2013-06-01 23:02 - 00000000 ____D C:\FRST

2013-06-01 23:02 - 2013-06-01 23:00 - 01355657 ____A (Farbar) C:\Documents and Settings\Desktop\FRST.exe

2013-06-01 21:32 - 2013-06-01 14:16 - 04745728 ____A (AVAST Software) C:\Documents and Settings\Desktop\aswMBR.exe

2013-06-01 20:13 - 2013-06-01 20:13 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-01 17:25 - 2013-06-01 17:25 - 00000000 ____D C:\Documents and Settings\owner\Application Data\RadioRage_4j

2013-06-01 17:25 - 2013-06-01 17:25 - 00000000 ____D C:\Documents and Settings\owner\Application Data\DailyBibleGuide

2013-06-01 15:46 - 2013-06-01 21:26 - 00000000 ____D C:\Documents and Settings\Desktop\mbar

2013-06-01 14:54 - 2013-06-01 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-06-01 14:47 - 2013-06-01 14:49 - 00000004 ____A C:\Documents and Settings\owner\Application Data\skype.ini

2013-06-01 14:42 - 2013-06-01 17:40 - 00000000 ____D C:\Documents and Settings\owner\Application Data\wabEventSupport16

2013-06-01 12:37 - 2013-06-01 15:44 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Desktop\mbar

2013-05-31 00:05 - 2013-05-31 00:05 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\03026604.sys

2013-05-30 23:58 - 2013-05-30 23:58 - 00001358 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RKreport[2]_D_05302013_02d2358.txt

2013-05-30 23:57 - 2013-05-30 23:57 - 00001310 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RKreport[1]_S_05302013_02d2357.txt

2013-05-30 23:56 - 2013-05-30 23:58 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Desktop\RK_Quarantine

2013-05-30 23:56 - 2013-05-30 23:55 - 00816128 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RogueKiller.exe

2013-05-30 23:45 - 2013-05-30 23:44 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator.HONEY\Desktop\tdsskiller.exe

2013-05-30 11:59 - 2013-05-30 11:59 - 00000000 ____D C:\_OTL

2013-05-30 08:20 - 2013-05-30 08:20 - 00049192 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.Txt

2013-05-30 08:20 - 2013-05-30 08:20 - 00035552 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\Extras.Txt

2013-05-30 08:16 - 2013-05-30 08:14 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.exe

2013-05-29 23:13 - 2013-05-29 23:13 - 00012291 ____A C:\ComboFix.txt

2013-05-29 23:06 - 2013-05-29 23:06 - 00000000 RASHD C:\cmdcons

2013-05-29 23:06 - 2009-12-23 20:26 - 00000223 ____A C:\Boot.bak

2013-05-29 23:06 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr

2013-05-29 23:05 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-05-29 22:47 - 2013-05-29 22:47 - 00000000 __SHD C:\Windows\CSC

2013-05-29 22:33 - 2013-05-29 22:33 - 00000000 __SHD C:\Documents and Settings\Administrator.HONEY\PrivacIE

2013-05-29 22:22 - 2013-06-01 15:45 - 00000000 ____D C:\Windows\erdnt

2013-05-29 22:22 - 2013-05-29 23:13 - 00000000 ____D C:\Qoobox

2013-05-29 22:22 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe

2013-05-29 22:22 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe

2013-05-29 22:22 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe

2013-05-29 22:21 - 2013-05-29 22:19 - 05075099 ____R (Swearware) C:\Documents and Settings\Administrator.HONEY\Desktop\ComboFix.exe

2013-05-29 19:41 - 2013-05-29 19:41 - 00002213 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\JRT.txt

2013-05-29 19:39 - 2013-05-29 19:39 - 00000000 ____D C:\Windows\ERUNT

2013-05-29 19:39 - 2013-05-29 19:39 - 00000000 ____D C:\JRT

2013-05-29 19:34 - 2013-05-29 19:35 - 00001192 ____A C:\AdwCleaner[s1].txt

2013-05-29 19:34 - 2013-05-29 19:34 - 00001121 ____A C:\AdwCleaner[R1].txt

2013-05-29 19:33 - 2013-05-29 19:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Administrator.HONEY\Desktop\JRT.exe

2013-05-29 19:33 - 2013-05-29 19:30 - 00632031 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\AdwCleaner.exe

2013-05-29 18:41 - 2013-05-29 18:41 - 00000045 ____A C:\Documents and Settings\Administrator.HONEY\Application Data\mbam.context.scan

2013-05-29 18:31 - 2013-05-29 18:31 - 00075016 ____A C:\Documents and Settings\Administrator.HONEY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-05-29 15:44 - 2013-05-29 15:44 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Application Data\Malwarebytes

2013-05-29 15:43 - 2013-06-01 15:44 - 00000178 __ASH C:\Documents and Settings\Administrator.HONEY\ntuser.ini

2013-05-29 15:43 - 2013-06-01 14:53 - 00000062 __ASH C:\Documents and Settings\Administrator.HONEY\Local Settings\desktop.ini

2013-05-29 15:43 - 2011-05-12 05:00 - 00000000 __SHD C:\Documents and Settings\Administrator.HONEY\IETldCache

2013-05-29 15:43 - 2010-08-26 09:36 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Application Data\Macromedia

2013-05-29 15:43 - 2009-12-30 06:00 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Local Settings\Application Data\Microsoft Help

2013-05-29 15:43 - 2009-12-23 07:26 - 00000062 __ASH C:\Documents and Settings\Administrator.HONEY\Application Data\desktop.ini

2013-05-29 15:32 - 2001-08-17 13:48 - 00012160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mouhid.sys

2013-05-29 15:32 - 2001-08-17 13:48 - 00012160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys

2013-05-29 09:06 - 2013-05-29 09:06 - 00011661 ____A C:\Documents and Settings\Desktop\hs_err_pid7076.log

2013-05-28 08:32 - 2013-05-28 08:32 - 00011885 ____A C:\Documents and Settings\Desktop\hs_err_pid1648.log

2013-05-22 10:08 - 2013-05-22 10:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Memeo

2013-05-17 09:52 - 2013-06-01 14:52 - 00000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\Memeo

2013-05-16 04:06 - 2013-05-16 04:06 - 00011950 ____A C:\Windows\KB2829530-IE8.log

2013-05-16 04:04 - 2013-05-16 04:04 - 00006121 ____A C:\Windows\KB2847204-IE8.log

2013-05-16 04:03 - 2013-05-16 04:03 - 00007184 ____A C:\Windows\KB2820197.log

2013-05-16 04:03 - 2013-05-16 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-16 04:00 - 2013-05-16 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-15 12:35 - 2013-05-16 04:00 - 00011404 ____A C:\Windows\KB2829361.log

==================== One Month Modified Files and Folders ========

2013-06-01 23:02 - 2013-06-01 23:02 - 00000000 ____D C:\FRST

2013-06-01 23:01 - 2012-08-24 10:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-01 23:00 - 2013-06-01 23:02 - 01355657 ____A (Farbar) C:\Documents and Settings\Desktop\FRST.exe

2013-06-01 22:47 - 2010-08-26 09:36 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-01 22:32 - 2009-12-23 15:48 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-06-01 21:40 - 2009-12-23 15:36 - 01550913 ____A C:\Windows\WindowsUpdate.log

2013-06-01 21:26 - 2013-06-01 15:46 - 00000000 ____D C:\Documents and Settings\Desktop\mbar

2013-06-01 21:26 - 2013-06-01 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-06-01 20:22 - 2013-02-14 05:15 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-06-01 20:13 - 2013-06-01 20:13 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-01 20:12 - 2010-08-26 09:36 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-01 20:12 - 2009-12-23 15:40 - 00000062 __ASH C:\Documents and Settings\owner\Local Settings\desktop.ini

2013-06-01 20:12 - 2009-12-23 15:39 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2013-06-01 20:12 - 2009-12-23 15:39 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2013-06-01 20:12 - 2009-12-23 15:39 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-01 20:12 - 2009-12-23 07:28 - 00000159 ____A C:\Windows\wiadebug.log

2013-06-01 20:12 - 2009-12-23 07:28 - 00000048 ____A C:\Windows\wiaservc.log

2013-06-01 20:12 - 2008-04-14 07:00 - 00013646 ____A C:\Windows\System32\wpa.dbl

2013-06-01 20:11 - 2009-12-23 15:40 - 00000178 ___SH C:\Documents and Settings\owner\ntuser.ini

2013-06-01 17:41 - 2013-05-29 22:22 - 00000000 ____D C:\Windows\erdnt

2013-06-01 17:40 - 2013-06-01 14:42 - 00000000 ____D C:\Documents and Settings\owner\Application Data\wabEventSupport16

2013-06-01 17:25 - 2013-06-01 17:25 - 00000000 ____D C:\Documents and Settings\owner\Application Data\RadioRage_4j

2013-06-01 17:25 - 2013-06-01 17:25 - 00000000 ____D C:\Documents and Settings\owner\Application Data\DailyBibleGuide

2013-06-01 15:44 - 2013-06-01 12:37 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Desktop\mbar

2013-06-01 15:44 - 2013-05-29 15:43 - 00000178 __ASH C:\Documents and Settings\Administrator.HONEY\ntuser.ini

2013-06-01 14:53 - 2013-05-29 15:43 - 00000062 __ASH C:\Documents and Settings\Administrator.HONEY\Local Settings\desktop.ini

2013-06-01 14:52 - 2013-05-17 09:52 - 00000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\Memeo

2013-06-01 14:49 - 2013-06-01 14:47 - 00000004 ____A C:\Documents and Settings\owner\Application Data\skype.ini

2013-06-01 14:35 - 2012-02-08 13:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn

2013-06-01 14:18 - 2009-12-23 07:26 - 00599390 ____A C:\Windows\setupapi.log

2013-06-01 14:16 - 2013-06-01 21:32 - 04745728 ____A (AVAST Software) C:\Documents and Settings\Desktop\aswMBR.exe

2013-05-31 00:05 - 2013-05-31 00:05 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\03026604.sys

2013-05-30 23:58 - 2013-05-30 23:58 - 00001358 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RKreport[2]_D_05302013_02d2358.txt

2013-05-30 23:58 - 2013-05-30 23:56 - 00000000 ____D C:\Documents and Settings\Administrator.HONEY\Desktop\RK_Quarantine

2013-05-30 23:57 - 2013-05-30 23:57 - 00001310 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RKreport[1]_S_05302013_02d2357.txt

2013-05-30 23:55 - 2013-05-30 23:56 - 00816128 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\RogueKiller.exe

2013-05-30 23:44 - 2013-05-30 23:45 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator.HONEY\Desktop\tdsskiller.exe

2013-05-30 11:59 - 2013-05-30 11:59 - 00000000 ____D C:\_OTL

2013-05-30 08:20 - 2013-05-30 08:20 - 00049192 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.Txt

2013-05-30 08:20 - 2013-05-30 08:20 - 00035552 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\Extras.Txt

2013-05-30 08:14 - 2013-05-30 08:16 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Administrator.HONEY\Desktop\OTL.exe

2013-05-29 23:13 - 2013-05-29 23:13 - 00012291 ____A C:\ComboFix.txt

2013-05-29 23:13 - 2013-05-29 22:22 - 00000000 ____D C:\Qoobox

2013-05-29 23:12 - 2008-04-14 07:00 - 00000227 ____A C:\Windows\system.ini

2013-05-29 23:06 - 2013-05-29 23:06 - 00000000 RASHD C:\cmdcons

2013-05-29 23:06 - 2009-12-23 07:24 - 00000339 _RASH C:\boot.ini

2013-05-29 22:47 - 2013-05-29 22:47 - 00000000 __SHD C:\Windows\CSC

2013-05-29 22:33 - 2013-05-29 22:33 - 00000000 __SHD C:\Documents and Settings\Administrator.HONEY\PrivacIE

2013-05-29 22:19 - 2013-05-29 22:21 - 05075099 ____R (Swearware) C:\Documents and Settings\Administrator.HONEY\Desktop\ComboFix.exe

2013-05-29 19:41 - 2013-05-29 19:41 - 00002213 ____A C:\Documents and Settings\Administrator.HONEY\Desktop\JRT.txt

2013-05-29 19:39 - 2013-05-29 19:39 - 00000000 ____D C:\Windows\ERUNT

2013-05-29 19:39 - 2013-05-29 19:39 - 00000000 ____D C:\JRT

2013-05-29 19:35 - 2013-05-29 19:34 - 00001192 ____A C:\AdwCleaner[s1].txt


Files to move or delete:

====================

C:\Documents and Settings\Desktop\aswMBR.exe

C:\Documents and Settings\Desktop\FRST.exe

C:\Documents and Settings\Desktop\util10.exe

C:\Documents and Settings\owner\Application Data\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-06-2013 02

Ran by owner at 2013-06-01 23:03:27 Run:

Running from C:\Documents and Settings\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/29/2013 10:27:41 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

System errors:

=============

Error: (06/01/2013 08:11:40 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/01/2013 06:38:03 PM) (Source: DCOM) (User: HONEY)

Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""

in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/01/2013 06:38:02 PM) (Source: DCOM) (User: HONEY)

Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""

in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/01/2013 05:43:30 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

AmdK8

Fips

MpFilter

Error: (06/01/2013 05:42:30 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/01/2013 05:42:01 PM) (Source: 0) (User: )

Description: 0xC0000001HarddiskVolume1

Error: (06/01/2013 05:41:01 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/01/2013 05:40:58 PM) (Source: DCOM) (User: HONEY)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/01/2013 04:01:50 PM) (Source: DCOM) (User: HONEY)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/01/2013 04:00:31 PM) (Source: DCOM) (User: HONEY)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Percentage of memory in use: 45%

Total physical RAM: 1919.29 MB

Available physical RAM: 1037.69 MB

Total Pagefile: 3813.03 MB

Available Pagefile: 3075.48 MB

Total Virtual: 2047.88 MB

Available Virtual: 1935.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:430.38 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive i: (PCSECURITY) (Removable) (Total:3.72 GB) (Free:3.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: BBC58B91)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================

Disk: 5 (Size: 4 GB) (Disk ID: 625C6F81)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

  • Staff

Hello artnboo

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Gringo

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-06-2013 02

Ran by owner at 2013-06-02 09:30:51 Run:1

Running from C:\Documents and Settings\Desktop

Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\A0 => Value deleted successfully.

C:\Documents and Settings\owner\Application Data\skype.ini => Moved successfully.

==== End of Fixlog ====
