celery Posted June 11, 2013 ID:689940 Share Posted June 11, 2013 Computer started acting weird then stopped acting at all. Got a BSOD this week, recovered ok, was still acting strange, was able to download the new version of malwarebytes before I was unable to get my computer to do much of anything. After a bit of cajoling I have it running in safe mode. Malware bytes finds trojan.agent and removes it while in safe mode but if I try to restart in normal mode my computer freezes up before I can even log in to my windows user profile (and I have to power off). Then when I restart in safe mode and scan with malware bytes it finds trojan.agent again. I'm guessing it's reinstalling itself every time I try to start in normal mode (but if I restart in safe mode after scan and removal it appears gone--or malware bytes no longer finds it...)I can't use DSS cause I run XP 64-bit and it's not compatible. Anyone think they can help? Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 13, 2013 ID:690432 Share Posted June 13, 2013 Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
celery Posted June 14, 2013 Author ID:690933 Share Posted June 14, 2013 Awesome! Thanks so much for the reply. I'm a (get this...) student midwife so I sometimes disappear at a birth for days at a time and you caught me right in the middle of one of those. I can't wait to get some sleep and getting working on this...I'll try to run the tool tonight and if I'm sucessful I'll post the logs--if not I'll work more on it tomorrow. THANKS SO MUCH!!!! Link to post Share on other sites More sharing options...
celery Posted June 14, 2013 Author ID:690937 Share Posted June 14, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013Ran by Administrator (administrator) on 14-06-2013 00:08:38Running from C:\Documents and Settings\Administrator\My Documents\DownloadsMicrosoft Windows XP Service Pack 2 (X64) OS Language: English(US)Internet Explorer Version 7Boot Mode: Safe Mode (with Networking)==================== Processes (Whitelisted) =================(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\firefox.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10813440 2008-01-13] (NVIDIA Corporation)HKLM\...\Run: [iAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation)HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgzNzA2MDE1LUlETUFSSytYQSsxLVQxOS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtWDIwMTArMg"&"prod=90"&"ver=10.0.1170 [x]HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)HKLM\...\Winlogon: [uIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)Winlogon\Notify\dimsntfy: dimsntfy.dll (Microsoft Corporation)Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)HKCU\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)HKCU\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [x]HKCU\...\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-04] (Google Inc.)HKCU\...\Run: [MusicManager] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-23] (Google Inc.)HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1681920 2007-02-18] (Microsoft Corporation)HKCU\...\Run: [spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-10] (Spotify Ltd)HKCU\...\Run: [spotify] "C:\Program Files (x86)\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-10] (Spotify Ltd)HKCU\...\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-15] (Adobe Systems Incorporated)HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgzNzA2MDE1LUlETUFSSytYQSsxLVQxOS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtWDIwMTArMg"&"prod=90"&"ver=10.0.1170 [x]HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)MountPoints2: {75840e65-00b7-11e0-93ce-00221916c8cc} - F:\TL-Bootstrap.exeMountPoints2: {e15148a8-f085-11dd-8c42-00221916c8cc} - E:\LaunchU3.exeHKLM-x32\...\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1015808 2007-09-11] (Analog Devices, Inc.)HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [184320 2007-04-17] (Creative Technology Ltd)HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [19456 2008-03-30] (Creative Technology Ltd)HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [19968 2008-03-30] (Creative Technology Ltd)HKLM-x32\...\Run: [updReg] C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [887432 2013-04-04] (Malwarebytes Corporation)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)HKU\Default User\...\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnkShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No FileSSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No FileSSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comHKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmURLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No FileHKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}HKCU SearchScopes: DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=198BE492-7531-4706-B920-2CE2C1B148E1&apn_sauid=C9AC0E09-62D6-4E34-8A75-0B66764A8500SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=198BE492-7531-4706-B920-2CE2C1B148E1&apn_sauid=C9AC0E09-62D6-4E34-8A75-0B66764A8500BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\SysWOW64\inetcomm.dll No FileHandler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\SysWOW64\mshtml.dll No FileHandler-x32: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\syswow64\SHELL32.dll No FileShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [10510848 2012-06-08] (Microsoft Corporation)ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8362496 2012-06-08] (Microsoft Corporation)Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76FireFox:========FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.defaultFF SelectedSearchEngine: GoogleFF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\nostmpFF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\toolbar@ask.comFF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}FF Extension: feedly - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\feedly@devhd.xpiFF Extension: testpilot - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\testpilot@labs.mozilla.com.xpi==================== Services (Whitelisted) =================S2 AeLookupSvc; C:\Windows\SysWow64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [74560 2007-06-20] (Broadcom Corporation)S2 AudioSrv; C:\Windows\SysWow64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)S2 Browser; C:\Windows\SysWow64\browser.dll [78336 2012-09-12] (Microsoft Corporation)S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)S2 Creative Service for CDROM Access; C:\Windows\SysWow64\CTsvcCDA.exe [44032 2008-03-30] (Creative Technology Ltd)S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)S2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)S2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [181664 2013-04-04] (Oracle Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)S3 mnmsrvc; C:\Windows\SysWow64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)R3 Netman; C:\Windows\SysWow64\netman.dll [263680 2007-02-18] (Microsoft Corporation)S3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)S3 Nla; C:\Windows\SysWow64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)S2 NVSvc; C:\Windows\system32\nvsvc64.exe [153600 2008-01-13] (NVIDIA Corporation)R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)S2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)S3 RasMan; C:\Windows\SysWow64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)S2 seclogon; C:\Windows\SysWow64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)S2 TrkWks; C:\Windows\SysWow64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)S2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)S3 Wmi; C:\Windows\SysWow64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)R2 WZCSVC; C:\Windows\SysWow64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)S3 xmlprov; C:\Windows\SysWow64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)R2 Eventlog; [x]S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]S3 WinHttpAutoProxySvc; winhttp.dll [x]==================== Drivers (Whitelisted) ====================S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)S4 adpu160m; C:\Windows\system32\DRIVERS\adpu160m.sys [160256 2005-03-25] (Microsoft Corporation)S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [117248 2005-03-25] (Microsoft Corporation)S4 aic78xx; C:\Windows\system32\DRIVERS\aic78xx.sys [120832 2005-03-25] (Microsoft Corporation)S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [59144 2013-05-09] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)S3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)R3 b57nd; C:\Windows\System32\DRIVERS\b57amd64.sys [262144 2007-09-11] (Broadcom Corporation)S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [15200 2007-06-20] (Broadcom Corporation)S2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)S2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151488 2008-03-30] (Creative Technology Ltd)S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [246720 2008-03-30] (Creative Technology Ltd.)S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [694208 2008-03-30] (Creative Technology Ltd)S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [213440 2008-03-30] (Creative Technology Ltd)S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [315840 2008-03-30] (Creative Technology Ltd)S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [184256 2008-03-30] (Creative Technology Ltd)S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [357312 2008-03-30] (Creative Technology Ltd)S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [136128 2008-03-30] (Creative Technology Ltd)S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1564608 2008-03-30] (Creative Technology Ltd.)S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [117696 2008-03-30] (Creative Technology Ltd.)S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [675264 2008-03-30] (Creative Technology Ltd)S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [35328 2005-03-25] (Adaptec, Inc.)S1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows ® Server 2003 DDK provider)S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9535232 2008-01-13] (NVIDIA Corporation)R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)S1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)S3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [1821184 2007-09-11] (Creative Technology Ltd.)S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)S4 symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [84992 2005-03-25] (LSI Logic)S3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)S4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [8704 2005-03-25] (Microsoft Corporation)S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [38912 2005-03-25] (Promise Technology, Inc.)R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-07-23] (LG Electronics Inc.)S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2007-07-23] (LG Electronics Inc.)S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-07-23] (LG Electronics Inc.)S4 ViaIde; C:\Windows\system32\DRIVERS\viaide.sys [8704 2005-03-25] (Microsoft Corporation)S3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)S4 Abiosdsk; No ImagePathS4 Atdisk; No ImagePathS1 Changer; No ImagePathS1 i2omgmt; No ImagePathS3 IpInIp; system32\DRIVERS\ipinip.sys [x]U4 ParVdm;S3 PDCOMP; No ImagePathS3 PDFRAME; No ImagePathS3 PDRELI; No ImagePathS3 PDRFRAME; No ImagePathS4 Simbad; No ImagePathS3 WDICA; No ImagePathU1 WS2IFSL;==================== NetSvcs (Whitelisted) ===================NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.NETSVCx32: Iprip -> No ServiceDLL Path.NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)==================== One Month Created Files and Folders ========2013-06-14 00:05 - 2013-06-14 00:05 - 00000000 ____D C:\FRST2013-06-10 18:15 - 2013-06-10 18:15 - 00000828 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-06-10 18:08 - 2013-06-10 18:09 - 00070014 ____A C:\Windows\KB2829530-IE7.log2013-06-10 18:08 - 2013-06-10 18:08 - 00006733 ____A C:\Windows\KB2820197.log2013-06-10 18:08 - 2013-06-10 18:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$2013-06-10 18:07 - 2013-06-10 18:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$2013-06-10 18:06 - 2013-06-10 18:07 - 00005152 ____A C:\Windows\KB2829361.log2013-06-09 19:04 - 2013-06-09 19:04 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log2013-06-09 19:04 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-06-09 18:57 - 2013-06-09 18:57 - 00163840 ____A C:\Windows\Minidump\Mini060913-01.dmp2013-06-07 15:02 - 2013-06-07 15:06 - 01928217 ____A C:\Documents and Settings\Administrator\Desktop\minecraftforge-universal-1.5.2-7.8.0.684.zip2013-05-30 20:36 - 2013-06-07 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 62013-05-28 16:43 - 2013-05-09 04:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys2013-05-28 16:43 - 2013-05-09 04:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys2013-05-22 18:59 - 2013-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\7-Zip2013-05-15 08:08 - 2013-05-12 22:45 - 00001598 ____A C:\Documents and Settings\Administrator\Desktop\bhv.class==================== One Month Modified Files and Folders =======2013-06-14 00:05 - 2013-06-14 00:05 - 00000000 ____D C:\FRST2013-06-11 12:11 - 2007-03-14 10:41 - 00581628 ____A C:\Windows\System32\PerfStringBackup.INI2013-06-11 12:07 - 2007-03-14 22:53 - 00052714 ____A C:\Windows\PFRO.log2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini2013-06-11 12:07 - 2007-03-14 22:53 - 00000000 ____A C:\Windows\0.log2013-06-11 12:05 - 2007-03-14 22:53 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini2013-06-11 12:05 - 2007-03-14 22:46 - 01693152 ____A C:\Windows\WindowsUpdate.log2013-06-11 11:04 - 2007-03-14 22:53 - 00000159 ____A C:\Documents and Settings\LocalService\wiadebug.log2013-06-11 11:04 - 2007-03-14 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-10 21:23 - 2012-07-14 12:33 - 00000262 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job2013-06-10 21:23 - 2009-10-13 22:33 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Dropbox2013-06-10 21:23 - 2009-10-13 22:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox2013-06-10 21:22 - 2012-12-26 17:31 - 00000318 ___AH C:\Windows\Tasks\avast! Emergency Update.job2013-06-10 21:22 - 2012-01-02 00:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-10 18:18 - 2011-07-29 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Spotify2013-06-10 18:15 - 2013-06-10 18:15 - 00000828 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2013-06-10 18:15 - 2010-06-28 10:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-06-10 18:13 - 2011-07-29 19:46 - 00000000 ____D C:\Program Files (x86)\Spotify2013-06-10 18:12 - 2007-03-14 22:53 - 00032420 ____A C:\Windows\Tasks\SchedLgU.Txt2013-06-10 18:12 - 2007-03-14 10:40 - 00105416 ____A C:\Windows\System32\FNTCACHE.DAT2013-06-10 18:11 - 2007-03-14 22:56 - 00560516 ____A C:\Windows\SysWOW64\PerfStringBackup.INI2013-06-10 18:09 - 2013-06-10 18:08 - 00070014 ____A C:\Windows\KB2829530-IE7.log2013-06-10 18:09 - 2008-12-14 13:50 - 00000000 ____D C:\Windows\ie7updates2013-06-10 18:09 - 2008-12-02 16:55 - 00235590 ____A C:\Windows\updspapi.log2013-06-10 18:09 - 2007-03-14 10:41 - 01024260 ____A C:\Windows\FaxSetup.log2013-06-10 18:09 - 2007-03-14 10:41 - 00646880 ____A C:\Windows\msmqinst.log2013-06-10 18:09 - 2007-03-14 10:41 - 00469736 ____A C:\Windows\tsoc.log2013-06-10 18:09 - 2007-03-14 10:41 - 00418621 ____A C:\Windows\comsetup.log2013-06-10 18:09 - 2007-03-14 10:41 - 00416437 ____A C:\Windows\iis6.log2013-06-10 18:09 - 2007-03-14 10:41 - 00366792 ____A C:\Windows\ocgen.log2013-06-10 18:09 - 2007-03-14 10:41 - 00269581 ____A C:\Windows\ntdtcsetup.log2013-06-10 18:09 - 2007-03-14 10:41 - 00072995 ____A C:\Windows\ocmsn.log2013-06-10 18:09 - 2007-03-14 10:41 - 00065269 ____A C:\Windows\msgsocm.log2013-06-10 18:09 - 2007-03-14 10:41 - 00000970 ____A C:\Windows\imsins.log2013-06-10 18:08 - 2013-06-10 18:08 - 00006733 ____A C:\Windows\KB2820197.log2013-06-10 18:08 - 2013-06-10 18:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$2013-06-10 18:08 - 2008-12-02 16:55 - 00000000 ___HD C:\Windows\$hf_mig$2013-06-10 18:08 - 2008-12-02 16:49 - 01021929 ____A C:\Windows\setupapi.log2013-06-10 18:08 - 2007-03-14 10:41 - 00000970 ____A C:\Windows\imsins.BAK2013-06-10 18:07 - 2013-06-10 18:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$2013-06-10 18:07 - 2013-06-10 18:06 - 00005152 ____A C:\Windows\KB2829361.log2013-06-10 18:07 - 2012-10-31 15:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-10 18:07 - 2008-12-07 15:59 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-06-10 17:51 - 2012-01-02 00:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-10 17:34 - 2011-06-04 14:39 - 00001010 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395821413-623369263-3516568228-500UA.job2013-06-10 08:03 - 2012-10-04 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\.minecraft2013-06-10 00:34 - 2011-06-04 14:39 - 00000958 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395821413-623369263-3516568228-500Core.job2013-06-09 19:04 - 2013-06-09 19:04 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log2013-06-09 19:04 - 2008-12-02 16:57 - 00000000 ____D C:\Program Files (x86)\Java2013-06-09 18:58 - 2011-07-29 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify2013-06-09 18:57 - 2013-06-09 18:57 - 00163840 ____A C:\Windows\Minidump\Mini060913-01.dmp2013-06-09 18:57 - 2011-04-02 10:27 - 00000000 ____D C:\Windows\Minidump2013-06-07 15:06 - 2013-06-07 15:02 - 01928217 ____A C:\Documents and Settings\Administrator\Desktop\minecraftforge-universal-1.5.2-7.8.0.684.zip2013-06-07 13:21 - 2013-05-30 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 62013-06-04 23:31 - 2007-03-14 22:45 - 00103005 ____A C:\Windows\wmsetup.log2013-06-02 03:49 - 2012-04-02 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-05-28 19:20 - 2010-12-05 15:40 - 00000000 ____A C:\Windows\SysWOW64\config.nt2013-05-22 18:59 - 2013-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\7-Zip2013-05-15 15:07 - 2012-10-31 16:07 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-05-15 15:07 - 2012-10-31 15:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-05-15 15:07 - 2011-09-13 00:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe[2007-03-14 17:36] - [2007-02-18 08:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4BC:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.C:\Windows\explorer.exe[2007-03-14 17:36] - [2007-02-18 08:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7FC:\Windows\SysWOW64\explorer.exe[2007-03-14 17:36] - [2007-02-18 08:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344C:\Windows\System32\svchost.exe[2007-03-14 17:36] - [2007-02-18 08:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9C:\Windows\SysWOW64\svchost.exe[2007-03-14 17:37] - [2007-02-18 08:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682C:\Windows\System32\services.exe[2007-03-14 17:36] - [2009-03-19 19:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698FC:\Windows\System32\User32.dll[2007-03-02 02:54] - [2007-03-02 02:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38C:\Windows\SysWOW64\User32.dll[2007-03-02 02:54] - [2007-03-02 02:54] - 0602624 ____A (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DEC:\Windows\System32\userinit.exe[2007-03-14 17:36] - [2007-02-18 08:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9C:\Windows\SysWOW64\userinit.exe[2007-03-14 17:37] - [2007-02-18 08:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5C:\Windows\System32\Drivers\volsnap.sys[2007-03-14 17:36] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEBC:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
celery Posted June 14, 2013 Author ID:690939 Share Posted June 14, 2013 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013Ran by Administrator at 2013-06-14 00:07:19 Run:Running from C:\Documents and Settings\Administrator\My Documents\DownloadsBoot Mode: Safe Mode (with Networking)============================================================================== Installed Programs =======================7-Zip 9.22betaAdobe AIR (Version: 2.5.0.16600)Adobe Flash Player 10 Plugin 64-bit (Version: 10.2.161.23)Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)Adobe Flash Player 11 Plugin (Version: 11.7.700.202)Amazon MP3 Downloader 1.0.3Apple Application Support (Version: 1.4.1)Apple Software Update (Version: 2.1.1.116)Ask Toolbar (Version: 1.15.2.0)Ask Toolbar Updater (Version: 1.2.1.23037)avast! Free Antivirus (Version: 8.0.1489.0)AVG PC Tuneup 2011 (Version: 10.0.0.24)Broadcom ASF Management Applications (Version: 10.16.02)Broadcom Management Programs (Version: 10.20.03)CD Wave Editor 1.98 (Version: 1.9.8.1)Creative MediaSource 5 (Version: 5.00)dBpoweramp Aiff Codec (Version: Release 7)dBpoweramp FLAC Codec (Version: Release 13.1 (FLAC 1.2.1))dBpoweramp Music Converter (Version: Release 13.1)DJ_SF_03_D4300_Software_Min (Version: 110.0.206.000)Dropbox (Version: 1.6.18)Exact Audio Copy 0.99pb3 (Version: 0.99pb3)Facebook Plug-Inffdshow [rev 2527] [2008-12-19] (Version: 1.0)FileZilla Client 3.3.2 (Version: 3.3.2)Google Update Helper (Version: 1.3.21.145)HP Deskjet D4300 Printer Driver 11.0 Rel .3 (Version: 11.0)Intel® Matrix Storage ManagerJava 7 Update 21 (Version: 7.0.210)Java Auto Updater (Version: 2.1.9.5)Java 6 Update 33 (Version: 6.0.330)Java 6 Update 7 (Version: 1.6.0.70)LG USB Modem driver (Version: 4.9.7)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2742597)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Silverlight (Version: 5.1.20125.0)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)mkw Audio Compression ToolkitMozilla Firefox (3.6.10) (Version: 3.6.10 (en-US))Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)Mozilla Maintenance Service (Version: 22.0)MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0)Music ManagerNeonatal Resuscitation DVD-ROM (Version: 1)NVIDIA DriversOpenOffice.org 3.0 (Version: 3.0.9358)PowerDVD (Version: 8.1)QuickTime (Version: 7.60.92.0)SmartFTP Client Setup Files 4.0 (x64) (remove only) (Version: 4.0)Sound Blaster X-Fi (Version: 1.0)Spotify (Version: 0.5.2)Spotify (Version: 0.8.3.222.g317ab79d)SumatraPDF 2.1.1 (Version: 2.1.1)Toolbox (Version: 110.0.180.000)Trader's Little Helper 2.6.0 (Version: 2.6.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Windows Internet Explorer 7 (KB976749) (Version: 1)Update for Windows XP (KB2467659) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676-v2) (Version: 2)Update for Windows XP (KB2641690-v2) (Version: 2)Update for Windows XP (KB2661254) (Version: 1)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2748349) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)Windows Imaging Component (Version: 3.0.0.0)Windows Internet Explorer 7 (Version: 20070813.191434)Windows Presentation Foundation x64 (Version: 3.0.6920.0)WinRAR archiverWModem Driver Installer (Version: )XML Paper Specification Shared Components Pack 1.0ZipX V1.70==================== Restore Points =========================25-04-2013 20:38:52 System Checkpoint26-04-2013 00:47:58 Software Distribution Service 3.028-04-2013 01:36:34 System Checkpoint29-04-2013 02:33:02 System Checkpoint30-04-2013 03:33:02 System Checkpoint01-05-2013 04:33:01 System Checkpoint02-05-2013 05:33:09 System Checkpoint03-05-2013 06:33:02 System Checkpoint04-05-2013 07:33:01 System Checkpoint05-05-2013 08:33:01 System Checkpoint06-05-2013 08:33:05 System Checkpoint07-05-2013 09:33:06 System Checkpoint08-05-2013 10:33:07 System Checkpoint09-05-2013 11:33:07 System Checkpoint10-05-2013 12:37:08 System Checkpoint11-05-2013 13:45:34 System Checkpoint12-05-2013 14:36:25 System Checkpoint13-05-2013 15:33:11 System Checkpoint14-05-2013 16:33:13 System Checkpoint15-05-2013 17:33:12 System Checkpoint16-05-2013 18:33:13 System Checkpoint17-05-2013 20:44:24 System Checkpoint18-05-2013 21:33:13 System Checkpoint19-05-2013 22:33:12 System Checkpoint20-05-2013 23:33:10 System Checkpoint22-05-2013 00:46:48 System Checkpoint23-05-2013 01:06:40 System Checkpoint24-05-2013 01:33:10 System Checkpoint25-05-2013 02:33:10 System Checkpoint26-05-2013 03:45:17 System Checkpoint27-05-2013 04:33:14 System Checkpoint28-05-2013 04:47:08 System Checkpoint29-05-2013 05:26:00 System Checkpoint30-05-2013 06:25:59 System Checkpoint31-05-2013 07:26:00 System Checkpoint01-06-2013 08:25:59 System Checkpoint02-06-2013 08:27:05 System Checkpoint03-06-2013 09:26:01 System Checkpoint04-06-2013 10:26:01 System Checkpoint05-06-2013 11:26:01 System Checkpoint06-06-2013 13:00:03 System Checkpoint07-06-2013 13:26:01 System Checkpoint08-06-2013 17:19:31 System Checkpoint09-06-2013 19:14:34 System Checkpoint09-06-2013 23:04:35 Installed Java 7 Update 2110-06-2013 22:06:58 Software Distribution Service 3.0==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (06/11/2013 00:07:20 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.Error: (06/11/2013 11:08:40 AM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.Error: (06/11/2013 10:57:20 AM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.Error: (06/10/2013 06:41:16 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.Error: (06/09/2013 08:54:16 AM) (Source: Application Hang) (User: )Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/06/2013 07:38:12 AM) (Source: Application Hang) (User: )Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/02/2013 04:45:04 PM) (Source: Application Hang) (User: )Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (05/28/2013 07:22:42 PM) (Source: crypt32) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.Error: (05/28/2013 07:22:42 PM) (Source: crypt32) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.Error: (05/28/2013 04:41:23 PM) (Source: Application Error) (User: )Description: Fault bucket -680444233.The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.System errors:=============Error: (06/11/2013 00:09:07 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:aswRvrtaswSPaswTdiaswVmmFipsError: (06/11/2013 00:08:01 PM) (Source: DCOM) (User: )Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF}Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:AFDaswRdraswRvrtaswSPaswTdiaswVmmFipsIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpipError: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:%%31Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:%%31Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:%%31Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )Description: The DHCP Client service depends on the AFD service which failed to start because of the following error:%%31Error: (06/11/2013 11:09:34 AM) (Source: DCOM) (User: )Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF}Error: (06/11/2013 11:09:18 AM) (Source: DCOM) (User: )Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""in order to run the server:{BA126AE5-2166-11D1-B1D0-00805FC1270E}Error: (06/11/2013 11:06:40 AM) (Source: DCOM) (User: )Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.Microsoft Office Sessions:=========================Error: (06/11/2013 00:07:20 PM) (Source: VSS)(User: )Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}Error: (06/11/2013 11:08:40 AM) (Source: VSS)(User: )Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}Error: (06/11/2013 10:57:20 AM) (Source: VSS)(User: )Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}Error: (06/10/2013 06:41:16 PM) (Source: VSS)(User: )Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}Error: (06/09/2013 08:54:16 AM) (Source: Application Hang)(User: )Description: javaw.exe7.0.170.2hungapp0.0.0.000000000Error: (06/06/2013 07:38:12 AM) (Source: Application Hang)(User: )Description: javaw.exe7.0.170.2hungapp0.0.0.000000000Error: (06/02/2013 04:45:04 PM) (Source: Application Hang)(User: )Description: javaw.exe7.0.170.2hungapp0.0.0.000000000Error: (05/28/2013 07:22:42 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.Error: (05/28/2013 07:22:42 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.Error: (05/28/2013 04:41:23 PM) (Source: Application Error)(User: )Description: -680444233==================== Memory info ===========================Percentage of memory in use: 19%Total physical RAM: 4029.32 MBAvailable physical RAM: 3229.68 MBTotal Pagefile: 5831.37 MBAvailable Pagefile: 5358.99 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.86 MB==================== Drives ================================ Link to post Share on other sites More sharing options...
celery Posted June 14, 2013 Author ID:690942 Share Posted June 14, 2013 This feels a little like going to the dentist where you're afraid he's going to yell at you for not flossing and tell you you have 10 cavities, but I'm grateful for the help anyway I did get this warning the first time I tried to scan, but it seems like the second time worked fine here's about what the warning said "Autolt Error Line 14084 (blabladirectory the program saved to.exe) Error: Variable used without being declared" Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 15, 2013 ID:691350 Share Posted June 15, 2013 Please do this next: Download ComboFix from the link below:Link 1 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Notes:1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
celery Posted June 15, 2013 Author ID:691518 Share Posted June 15, 2013 combofix isn't available for Windows XP 64-bit. Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 16, 2013 ID:691753 Share Posted June 16, 2013 My mistake, sorry. Please do this next: Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic. Link to post Share on other sites More sharing options...
celery Posted June 16, 2013 Author ID:691908 Share Posted June 16, 2013 Thank you!Here's what it found:C:\Documents and Settings\Administrator\Application Data\AVG\Rescue\PC Tuneup 2011\101101103406953.rsc multiple threats deleted - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temp\9dg448Ld.exe.part a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temp\jNR_LgLp.exe.part Win32/Toolbar.SearchSuite application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temp\MFFFLC6L.exe.part Win32/Toolbar.SearchSuite application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temp\TjgDdkk5.exe.part a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SR87YTE9\ApnToolbarInstaller[1].exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\My Documents\Downloads\ADLSoft_UnCompressor_v2_3.exe a variant of Win32/InstallCore.AG application cleaned by deleting - quarantinedC:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantinedC:\RECYCLER\S-1-5-21-2395821413-623369263-3516568228-500\Dc281.exe Win32/Adware.RK.AQ application cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 17, 2013 ID:692104 Share Posted June 17, 2013 Please do this next: Download TFC to your desktopClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run,Click the Start button to begin the process.Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure a complete clean You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.Open MBAMClick the Update tabClick Check for UpdatesIf an update is found, it will download and install the latest version.The program will close to update and reopen.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\QooboxMake sure that everything else is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.Please include the following in your next post:MBAM log Link to post Share on other sites More sharing options...
celery Posted June 17, 2013 Author ID:692364 Share Posted June 17, 2013 Alright, so I ran TFC and it restarted my computer. I tried to let it start in normal mode and the same thing that has been happening happened again: my machine starts to start up but then it just totally stops and hangs indefinitely before I can even log in as admin. So it was part way through reloading my preferences when it just stopped indefinitely. Soooo I powered off and restarted in safe mode, updated and ran malwarebytes and didn't turn up the trojan.agent for once at least! The scan was clean but I'll post the log. Should I run the TFC again and restart in safe mode? Something else? MBAM log:Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.06.17.03Windows XP Service Pack 2 x64 NTFS (Safe Mode/Networking)Internet Explorer 7.0.5730.13Administrator :: DHGXTRH1 [administrator]Protection: Disabled6/17/2013 8:55:47 AMmbam-log-2013-06-17 (08-55-47).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 295055Time elapsed: 18 minute(s), 10 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 18, 2013 ID:692499 Share Posted June 18, 2013 Please follow these instructions to run System File Checker:Click Start > Run or press the Windows Key + R, and enter the following command into the run box and click OK:sfc /scannow sfc<space>/scannow Let me know what, if anything this turns up. Link to post Share on other sites More sharing options...
celery Posted June 18, 2013 Author ID:692633 Share Posted June 18, 2013 It doesn't appear to do much of anything when I enter that into the run box... Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 19, 2013 ID:693094 Share Posted June 19, 2013 Please do this next: Go to this page and download Malwarebytes Anti-Rootkit (MBAR)Unzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. MBAR will create logs that you will find in the same folder you found MBAR.exe. Please post those for me to review. Link to post Share on other sites More sharing options...
celery Posted June 19, 2013 Author ID:693203 Share Posted June 19, 2013 My computer froze up part way through the first scan (in safe mode) and I had to power off (I even left it for hours in hopes that it would stop being so incorrigible, but no luck there.) I started back up in safe mode and had to re-update the program and then ran a scan which came up clean. Ugh. Do you think throwing the computer might help? Here are the logs:Malwarebytes Anti-Rootkit BETA 1.06.0.1003www.malwarebytes.orgDatabase version: v2013.06.19.09Windows XP Service Pack 2 x64 NTFS (Safe Mode/Networking)Internet Explorer 7.0.5730.13Administrator :: DHGXTRH1 [administrator]6/19/2013 3:47:22 PMmbar-log-2013-06-19 (15-47-22).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: Deep Anti-Rootkit Scan | PUPObjects scanned: 240439Time elapsed: 4 minute(s), 13 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) And the other log that is in there from the same time...Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 5.2.3790 Windows XP Service Pack 2 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 7.0.5730.13Java version: 1.6.0_33File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 4225052672, free: 3503001600Could not load protection driverDownloaded database version: v2013.06.19.04Downloaded database version: v2013.05.22.01Initializing...------------ Kernel report ------------ 06/19/2013 10:15:29------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysMountMgr.sysftdisk.sysdmload.sysdmio.sysvolsnap.sysPartMgr.sysiaStor.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltMgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.syscrcdisk.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\b57amd64.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\Drivers\aswRdr.SYS\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffadf9e066100Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffadf9e067050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffadf9e066100, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffadf9e065040, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xfffffadf9e066100, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffadf9e067050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesThe directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.Drivers scan is aborted.Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: ECAB17EPartition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 128457 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 128520 Numsec = 312367860 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 160000000000 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...Done!---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 5.2.3790 Windows XP Service Pack 2 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 7.0.5730.13Java version: 1.6.0_33File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 4225052672, free: 3606900736Could not load protection driverDownloaded database version: v2013.06.19.09Downloaded database version: v2013.05.22.01Initializing...------------ Kernel report ------------ 06/19/2013 15:47:17------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysMountMgr.sysftdisk.sysdmload.sysdmio.sysvolsnap.sysPartMgr.sysiaStor.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltMgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.syscrcdisk.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\b57amd64.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\Drivers\aswRdr.SYS\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffadf9de5e060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffadf9e0cc050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffadf9de5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffadf9e1e9510, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xfffffadf9de5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffadf9e0cc050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesThe directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.Drivers scan is aborted.Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: ECAB17EPartition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 128457 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 128520 Numsec = 312367860 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 160000000000 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...Done!Scan finished=======================================Removal queue found; removal startedRemoving c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_128520_i.mbam...Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 20, 2013 ID:693530 Share Posted June 20, 2013 Please do this next: Download AdwCleaner from here and save it to your desktop.Run AdwCleaner and select Delete Once done it will ask to reboot, allow the reboot On reboot a log will be produced, please attach the content of the log to your next reply Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet Services Windows Firewall System Restore Security Center [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.Please include the following in your next post:AdwCleaner log FSS log Link to post Share on other sites More sharing options...
celery Posted June 20, 2013 Author ID:693602 Share Posted June 20, 2013 adwcleaner won't run. I'm not sure if you want me to run farbar without first running adwcleaner, so I'll wait before trying it. I downloaded adw sucessfully, clicked on it, chose "run" and it just doesn't open the program. My computer also did something it did when it was acting crazy when this all started where it sounds like the hard drive is spinning up really fast (or something to that effect but it starts making WAY more whirring noise than it ever does--no CD in the CD drive but it is almost as loud as it spinning up a CD) Not hardly anything running in task manager. (And actually whatever that is is happening again right now which makes me want to shut down cause it doesn't sound good for the computer...)I tried to restart when it was ramping up before and it did a funny abbreviated restart where it never really shut down at all. I'm getting really discouraged! I'm really grateful for your patience and help though! Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 20, 2013 ID:693764 Share Posted June 20, 2013 Go ahead and run FSS if you can. Link to post Share on other sites More sharing options...
celery Posted June 20, 2013 Author ID:693777 Share Posted June 20, 2013 Thanks!Farbar Service Scanner Version: 16-06-2013Ran by Administrator (administrator) on 20-06-2013 at 18:59:51Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"Microsoft Windows XP Service Pack 2 (X64)Boot Mode: Network****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.File Check:========C:\WINDOWS\SysWOW64\dhcpcsvc.dll[2007-03-14 17:37] - [2007-02-18 08:00] - 0117248 ____A (Microsoft Corporation) 1201DF9A11FBB0F69EBD22E503D3BC87ATTENTION!=====> C:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.C:\WINDOWS\SysWOW64\ipnathlp.dll[2007-03-14 17:37] - [2007-02-18 08:00] - 0343552 ____A (Microsoft Corporation) 27C6B8C2AFED21C10429A56DB95735F6C:\WINDOWS\SysWOW64\netman.dll[2007-03-14 17:37] - [2007-02-18 08:00] - 0263680 ____A (Microsoft Corporation) 12BCFB57162AD17CEA545E362CD886A8ATTENTION!=====> C:\WINDOWS\SysWOW64\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\WINDOWS\SysWOW64\srsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\sr.sys FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.ATTENTION!=====> C:\WINDOWS\SysWOW64\services.exe FILE IS MISSING AND SHOULD BE RESTORED.Extra List:=======aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)0x09000000040000000100000002000000030000000900000008000000050000000600000007000000IpSec Tag value is correct.**** End of log **** Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 22, 2013 ID:694488 Share Posted June 22, 2013 Do you have your Windows XP install CD/DVD? Link to post Share on other sites More sharing options...
celery Posted June 24, 2013 Author ID:694938 Share Posted June 24, 2013 I do... (I back up most of my stuff on an external hard drive that is not connected--hasn't been for a long time-- so it can't be infected...I have some stuff on my computer that I don't want to lose that I haven't backed up yet. Can I move it to a thumb drive without fearing that the malware will then glom onto the thumb drive and then back onto my clean computer once I'm done and want to move it back?) Link to post Share on other sites More sharing options...
RPMcMurphy Posted June 24, 2013 ID:695272 Share Posted June 24, 2013 I'm afraid that a reformat and reinstall of the operating system is your best bet at this point. Sometimes we just cant effectively un-do all the damage that some of these infections cause. Fortunately, it sounds like you have a good backup strategy, so that will make things a bit easier. Move the remaining items you need to back up to a removable drive of any sort then proceed with these instructions:http://howtoformatacomputer.com/format-windows-xpOnce you are back up and running, run Windows Update to obtain all of the necessary updates, (it will likely need to be run several times) then scan your backups on the removable drive(s) with your antivirus before moving them back to the PC. Link to post Share on other sites More sharing options...
celery Posted June 25, 2013 Author ID:695679 Share Posted June 25, 2013 Alright. I was afraid of that. I'll get right to it on Thur when I will have a chunk of time to devote to it. I'll let you know when I'm all clear. Thank you so much for all of your help. Link to post Share on other sites More sharing options...
celery Posted June 29, 2013 Author ID:696794 Share Posted June 29, 2013 I wish I was a little more chipper after HOURS of computer work...But...TWO freaking Windows re-installs (and lots of tears) later...I'm a)up and running (in normal mode even right now...) but b)unable to run malwarebytes without totally blitzing my computer. I guess I didn't fully reformat the first time which is why I did the OS reinstall again, but as far as I can tell I totally and completely and totally wiped it the last time. (I can give more of a play-by-play if necessary but there's the moral of the story--I deleted the partition the reinstalled fresh.)I decided purchasing mbam pro was probably a good idea at this point, but my computer doesn't seem to run with it installed (I had already installed it when it started crashing after reinstall #1, THEN installed again after OS reinstall #2 THEN recently uninstalled it in safe mode which is how I'm up and running right now as far as I can tell...) It's the only "common denominator" I can come up with...computer runs without, crashes (freezes) with...It doesn't inspire confidence in my computer and any assumptions about its health that it won't run with mbam on it...Any advice? Link to post Share on other sites More sharing options...
Recommended Posts