Aendromeda Posted June 20, 2013 ID:693369 Share Posted June 20, 2013 I picked this up somewhere not sure how/ where, the only thing I've downloaded lately were some custom PS brushes. None of my security programs can get rid of it, they pick up the symptoms but are apparently missing the root problem. Hopefully I've posted correctly. Any help would be appreciated. logs: DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Mr. Yuk at 17:57:15 on 2013-06-19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1969 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}FW: ActiveArmor Firewall *Disabled*.============== Running Processes ================.C:\Program Files\Microsoft Security Client\MsMpEng.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeC:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exeC:\WINDOWS\system32\Pen_Tablet.exeC:\Program Files\Tablet\Wacom\Wacom_Tablet.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\smax4.exeC:\Program Files\Lexmark X5100 Series\lxbabmgr.exeC:\Program Files\Musicmatch Jukebox\mmtask.exeC:\Program Files\Lexmark X5100 Series\lxbabmon.exeC:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exeC:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\WINDOWS\system32\WTablet\Pen_TabletUser.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\WINDOWS\system32\Pen_Tablet.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exeC:\Program Files\Samsung\Kies\KiesTrayAgent.exeC:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exeC:\WINDOWS\system32\lexpps.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Tablet\Wacom\Wacom_TabletUser.exeC:\Program Files\Tablet\Wacom\Wacom_Tablet.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k bthsvcsC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dllBHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dllBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dllTB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dlluRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [soundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /traymRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"mRun: [mmtask] "c:\program files\musicmatch jukebox\mmtask.exe"mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [PhilipsDM] "c:\program files\philips\philips device manager\bin\DeviceManager.exe"mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exemRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [Computer Alarm Clock] <no file>dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0819 -f video -m logitech -d 13.31.1044.0dRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster\printmaster\pmremind.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exeIE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe.INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..Handler: bw+0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw+0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw-0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw-0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw00 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw00s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw10 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw10s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw20 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw20s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw30 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw30s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw40 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw40s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw50 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw50s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw60 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw60s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw70 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw70s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw80 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw80s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw90 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bw90s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwa0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwa0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwb0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwb0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwc0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwc0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwd0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwd0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwe0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwe0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwf0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwf0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dllHandler: bwg0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwg0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwh0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwh0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwi0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwi0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwj0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwj0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwk0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwk0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwl0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwl0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwm0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwm0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwn0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwn0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwo0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwo0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwp0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwp0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwq0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwq0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwr0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwr0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bws0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bws0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwt0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwt0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwu0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwu0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwv0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwv0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bww0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bww0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwx0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwx0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwy0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwy0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwz0 - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: bwz0s - {1dafa80f-6ffa-468b-8544-f1ae4e44d28f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: offline-8876480 - {1DAFA80F-6FFA-468B-8544-F1AE4E44D28F} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllNotify: NavLogon - <no file>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\mr. yuk\application data\mozilla\firefox\profiles\tzjf83at.default\FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dllFF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dllFF - plugin: c:\program files\realplayer\netscape6\nppl3260.dllFF - plugin: c:\program files\realplayer\netscape6\nprjplug.dllFF - plugin: c:\program files\realplayer\netscape6\nprpjplug.dllFF - plugin: c:\program files\tabletplugins\npwacom.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 195296]R1 MpKsl5e39a1b7;MpKsl5e39a1b7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{389576e1-5a04-4358-8484-885da39d6593}\MpKsl5e39a1b7.sys [2013-6-19 29904]R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-2 418376]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-8 701512]R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-4-6 1373480]R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-2-24 4807536]R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-31 450848]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-8 22856]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-19 40776]R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-9-16 10752]S1 gmtopupj;gmtopupj;\??\c:\windows\system32\drivers\gmtopupj.sys --> c:\windows\system32\drivers\gmtopupj.sys [?]S1 iuzhluxt;iuzhluxt;\??\c:\windows\system32\drivers\iuzhluxt.sys --> c:\windows\system32\drivers\iuzhluxt.sys [?]S1 xiyrdgve;xiyrdgve;\??\c:\windows\system32\drivers\xiyrdgve.sys --> c:\windows\system32\drivers\xiyrdgve.sys [?]S1 zjkihuvc;zjkihuvc;\??\c:\windows\system32\drivers\zjkihuvc.sys --> c:\windows\system32\drivers\zjkihuvc.sys [?]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-5-9 20608]S3 cpuz132;cpuz132;\??\c:\docume~1\kristin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\kristin\locals~1\temp\cpuz132\cpuz132_x32.sys [?]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-6-9 20032]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-14 24576]S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\zd1211bu.sys --> c:\windows\system32\drivers\zd1211Bu.sys [?].=============== Created Last 30 ================.2067-05-27 22:16:26 1249280 ------w- c:\program files\microsoft games\impossible creatures\InsectMod.dll2067-05-22 05:35:22 106496 ------w- c:\program files\microsoft games\impossible creatures\Filesystem.dll2013-06-20 00:56:42 -------- d-----w- c:\documents and settings\mr. yuk\application data\BitTorrent2013-06-20 00:56:23 -------- d-----w- c:\documents and settings\mr. yuk\local settings\application data\Temp2013-06-20 00:28:11 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{389576e1-5a04-4358-8484-885da39d6593}\MpKsl5e39a1b7.sys2013-06-19 15:51:00 851456 ----a-w- c:\documents and settings\all users\application data\1C4F.tmp2013-06-19 15:51:00 850944 ----a-w- c:\documents and settings\all users\application data\ildefender.exe2013-06-19 14:35:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-06-19 14:32:39 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{389576e1-5a04-4358-8484-885da39d6593}\offreg.dll2013-06-19 02:52:59 -------- d-----w- C:\TDSSKiller_Quarantine2013-06-19 00:35:59 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{389576e1-5a04-4358-8484-885da39d6593}\mpengine.dll2013-06-17 00:48:35 -------- d-----w- c:\program files\Spybot - Search & Destroy2013-06-16 23:27:53 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2013-06-15 17:29:42 -------- d--h--w- c:\windows\PIF2013-06-15 03:46:17 -------- d-----w- c:\documents and settings\mr. yuk\local settings\application data\visi_coupon2013-06-14 05:14:48 -------- d-----w- c:\documents and settings\mr. yuk\local settings\application data\Mozilla2013-06-09 21:19:03 -------- d-----w- c:\program files\MyFree Codec2013-06-09 21:15:00 4659712 ----a-w- c:\windows\system32\Redemption.dll2013-06-09 21:14:49 319456 ----a-w- c:\windows\system32\DIFxAPI.dll2013-06-09 21:14:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys2013-06-09 21:14:48 821824 ----a-w- c:\windows\system32\dgderapi.dll2013-06-09 21:13:00 -------- d-----w- c:\program files\Samsung2013-06-09 21:13:00 -------- d-----w- c:\documents and settings\all users\application data\Samsung2013-05-23 22:58:39 193824 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe2013-05-23 22:58:17 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll2013-05-23 22:58:17 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2013-05-23 22:58:17 3076504 ----a-w- c:\program files\mozilla firefox\gkmedias.dll2013-05-23 22:58:17 117144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe2013-05-23 22:58:16 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe2013-05-23 22:58:16 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll2013-05-23 22:58:16 279448 ----a-w- c:\program files\mozilla firefox\freebl3.dll2013-05-23 22:58:11 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll2013-05-23 22:58:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll2013-05-23 22:58:11 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll2013-05-23 22:58:11 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe.==================== Find3M ====================.2013-06-11 22:39:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-11 22:39:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe2013-04-19 02:07:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx2013-04-19 02:07:00 330240 ----a-w- c:\windows\MASetupCaller.dll2013-04-19 02:07:00 30568 ----a-w- c:\windows\MusiccityDownload.exe2013-04-13 10:03:22 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin2013-04-13 10:03:22 1 ----a-w- c:\windows\system32\nvdrssel.bin2013-04-13 10:03:11 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 17:57:25.31 =============== . DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 3/19/2007 2:14:48 AMSystem Uptime: 6/19/2013 7:31:11 AM (10 hours ago).Motherboard: ASUSTeK Computer INC. | | M2NProcessor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 149 GiB total, 1.883 GiB free.D: is CDROM ()E: is CDROM ()G: is FIXED (NTFS) - 233 GiB total, 66.369 GiB free.H: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: NVIDIA nForce Networking ControllerDevice ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&4641892&0&00Manufacturer: NVIDIAName: NVIDIA nForce Networking ControllerPNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&4641892&0&00Service: NVENETFD.==== System Restore Points ===================.RP2511: 5/31/2013 7:29:01 AM - Software Distribution Service 3.0RP2512: 5/31/2013 4:35:32 PM - Software Distribution Service 3.0RP2513: 6/1/2013 4:35:36 PM - Software Distribution Service 3.0RP2514: 6/2/2013 4:35:28 PM - Software Distribution Service 3.0RP2515: 6/3/2013 5:38:37 PM - Software Distribution Service 3.0RP2516: 6/4/2013 5:37:55 PM - Software Distribution Service 3.0RP2517: 6/5/2013 5:38:00 PM - Software Distribution Service 3.0RP2518: 6/6/2013 6:33:51 PM - System CheckpointRP2519: 6/7/2013 7:18:59 AM - Software Distribution Service 3.0RP2520: 6/8/2013 7:18:46 AM - Software Distribution Service 3.0RP2521: 6/9/2013 7:18:44 AM - Software Distribution Service 3.0RP2522: 6/9/2013 2:12:31 PM - Installed Samsung KiesRP2523: 6/10/2013 7:19:04 AM - Software Distribution Service 3.0RP2524: 6/11/2013 7:19:38 AM - Software Distribution Service 3.0RP2525: 6/12/2013 7:19:13 AM - Software Distribution Service 3.0RP2526: 6/13/2013 3:00:30 AM - Software Distribution Service 3.0RP2527: 6/13/2013 10:10:48 PM - Software Distribution Service 3.0RP2528: 6/14/2013 7:28:27 AM - Software Distribution Service 3.0RP2529: 6/14/2013 10:22:18 PM - Removed Ask Toolbar.RP2530: 6/15/2013 10:34:17 AM - Software Distribution Service 3.0RP2531: 6/16/2013 10:57:08 AM - Software Distribution Service 3.0RP2532: 6/16/2013 4:27:43 PM - Software Distribution Service 3.0RP2533: 6/17/2013 4:37:39 PM - System CheckpointRP2534: 6/18/2013 5:34:20 PM - Software Distribution Service 3.0.==== Installed Programs ======================.7-Zip 4.65ACDSeeAdobe AIRAdobe Download ManagerAdobe Flash Media Live Encoder 3.1Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop 7.0Adobe Reader X (10.1.7)Adobe Shockwave Player 11.5Advanced RealMedia Export Plug-in for Premiere 6.0Amazon MP3 Downloader 1.0.3American McGee's AliceAmnesia: The Dark Descent DemoApple Application SupportApple Software UpdateAsdaStoryAudacity 1.2.1AutoUpdateBastionBig Fish Games: Game ManagerBlackBerry Desktop Software 6.1BlackBerry Smartphone Simulators 4.5.0.37 (8310)CameraHelperMsiCard Vault V1.5aChoice GuardClick to Call with SkypeCompatibility Pack for the 2007 Office systemComputer Alarm ClockConcise Oxford American DictionaryCritical Update for Windows Media Player 11 (KB959772)Cute KnightDivX CodecDivX Content UploaderDivX ConverterDivX PlayerDivX Web PlayerDragon Age: OriginsDragon Age: Origins Character CreatoreBook Library by SonyEquestriad 2001erLTEufloria - DemoFaerie SolitaireFeeding FrenzyFeeding Frenzy 2 1.0Fish TycoonFish Tycoon (remove only)FishdomFrom DustGameSpy ArcadeGonVisor 1.74Google Earth Plug-inGoogle Update HelperHigh Definition Audio Driver Package - KB888111honestech VHS to DVD 4.0 PlusHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HTC BMP USB DriverHTC Driver InstallerHTC SyncIcoFX 1.6.4ICQICQ7.2Insaniquarium Deluxe 1.0J2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 3Java 6 Update 2Java 6 Update 29Java 6 Update 3Java 6 Update 5Java 6 Update 7Java SE Runtime Environment 6 Update 1JquickTransJTabletKing's Bounty: Armored Princess - DemoLeague of LegendsLeft 4 DeadLeft 4 Dead 2Lexmark X5100 SeriesLiveUpdate 2.6 (Symantec Corporation)Logitech Desktop MessengerLogitech SetPointLogitech Webcam SoftwareLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.75.0.1300Mass EffectMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2742597)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Edition 2003Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Ultimate 2007Microsoft Office Word MUI (English) 2007Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Web Publishing Wizard 1.52Microsoft XNA Framework Redistributable 3.1Mirror's Edge™Morpheus Photo Animation Suite v3.10MorrowindMount & Blade DemoMozilla Firefox 21.0 (x86 en-US)Mozilla Maintenance ServiceMozilla Sunbird (0.8)Mozilla Thunderbird (5.0)MSVCRTMSXML 4.0 SP2 (KB925672)MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)MSXML 6 Service Pack 2 (KB954459)Musicmatch® JukeboxNero 6 Ultra EditionNeverwinter Nights Gold EditionNVIDIA DriversNVIDIA ForceWare Network Access ManagerNVIDIA nView Desktop ManagerNVIDIA PhysXOblivionOblivion - Construction SetOblivion - Horse Armor PackOblivion - Knights of the NineOblivion - Mehrunes RazorOblivion - OrreryOblivion - Spell TomesOblivion - Thieves DenOblivion - Vile LairOblivion - Wizard's TowerOGA Notifier 2.0.0048.0OpenALPando Media BoosterPen TabletPhilips Device ManagerPhilips Device Plug-inPlazmic CDK 4.7 for BlackBerryPortalPortal 2Portal 2 Authoring Tools - BetaPowerDVDPrintMasterPRS-500 USB driverQuickTimeRealPlayerRide!Riding StarRTP for RM2K (Png, Wav, Midi, Fonts)Samsung KiesSAMSUNG USB Driver for Mobile PhonesSeagate Manager InstallerSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687439) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2753842)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Segoe UIShaiya(US)ShockwaveSimpleMU MUD ClientSkype™ 5.10SoundMAXSpybot - Search & DestroySteamSwitchSystem Requirements Lab CYRITES Construction SetThe Legacy of Rosemond HillThe Sims 2 HomeCrafter PlusThe Sims 2 PetsThe Sims™ 2 Double DeluxeTorchlight DemoTradewinds LegendsTypingMaster Typing TestUbisoft Game LauncherUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit EditionUpdate for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB971930)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB961503)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)USB2.0 VIDBOX NW03Ventrilo ClientViewpoint Media PlayerVirtual Villagers: A New HomeVLC media player 1.1.10Vocal RemoverWacom TabletWebFldrs XPWebTablet IE PluginWebTablet Netscape PluginWinampWindows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Internet Explorer 7Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MessengerWindows Live Sign-in AssistantWindows Live Upload ToolWindows Media Format 11 runtimeWindows Media Player 11Windows Presentation FoundationWindows XP Service Pack 3WinRAR archiverWinX Free WMV to MP4 Converter 2.0.7WinZipXfire (remove only)XML Paper Specification Shared Components Pack 1.0Yahoo! MessengerYahoo! Software UpdateYahoo! ToolbarZoo Tycoon 2 - Extinct Animals.==== Event Viewer Messages From Past Week ========.6/19/2013 5:47:31 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.6/16/2013 3:11:52 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The TabletServiceWacom service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Forceware Web Interface service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The ForceWare user log service service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:22 AM, error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.6/16/2013 11:44:22 AM, error: Service Control Manager [7031] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.6/16/2013 11:44:21 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).6/16/2013 11:44:21 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.6/15/2013 10:23:07 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified..==== End Of File =========================== Link to post Share on other sites More sharing options...
Psychotic Posted June 20, 2013 ID:693441 Share Posted June 20, 2013 Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Please download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
Aendromeda Posted June 21, 2013 Author ID:693846 Share Posted June 21, 2013 Thank you for helping me. Here is the scan. GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-06-20 18:38:43Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000076 ST3160318AS rev.CC38 149.05GBRunning: 5lgljjv9.exe; Driver: C:\DOCUME~1\MR0FCE~1.YUK\LOCALS~1\Temp\kgrdqpow.sys---- System - GMER 2.1 ----SSDT spcn.sys ZwCreateKey [0xB7EB50E0]SSDT spcn.sys ZwEnumerateKey [0xB7ECDDA4]SSDT spcn.sys ZwEnumerateValueKey [0xB7ECE132]SSDT spcn.sys ZwOpenKey [0xB7EB50C0]SSDT spcn.sys ZwQueryKey [0xB7ECE20A]SSDT spcn.sys ZwQueryValueKey [0xB7ECE08A]SSDT spcn.sys ZwSetValueKey [0xB7ECE29C]INT 0x62 ? 8B054BF8INT 0x63 ? 8B053BF8INT 0x73 ? 8B053BF8INT 0x83 ? 8B0C7BF8INT 0xB4 ? 8AED2BF8---- Devices - GMER 2.1 ----Device 8B0521F8Device Ntfs.sysDevice \Driver\sptd \Device\2794051666 spcn.sysDevice \Driver\usbohci \Device\USBPDO-0 8AE0E1F8Device \Driver\usbehci \Device\USBPDO-1 8AE0A1F8Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0C51F8Device \Driver\dmio \Device\DmControl\DmConfig 8B0C51F8Device \Driver\dmio \Device\DmControl\DmPnP 8B0C51F8Device \Driver\dmio \Device\DmControl\DmInfo 8B0C51F8Device \Driver\PCI_PNP0416 \Device\00000052 spcn.sysDevice rdpdr.sysDevice \Driver\Ftdisk \Device\HarddiskVolume1 8B0551F8Device \Driver\Ftdisk \Device\HarddiskVolume2 8B0551F8Device \Driver\Cdrom \Device\CdRom0 8AEBF1F8Device \Driver\atapi \Device\Ide\IdePort0 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}Device \Driver\atapi \Device\Ide\IdePort1 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}Device \Driver\Cdrom \Device\CdRom1 8AEBF1F8Device \Driver\Cdrom \Device\CdRom2 8AEBF1F8Device \Driver\nvata \Device\00000076 8B0531F8Device \Driver\nvata \Device\00000077 8B0531F8Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7DF500Device \Driver\NetBT \Device\NetbiosSmb 8A7DF500Device \Driver\usbohci \Device\USBFDO-0 8AE0E1F8Device \Driver\usbehci \Device\USBFDO-1 8AE0A1F8Device \Driver\nvata \Device\NvAta0 8B0531F8Device \Driver\NetBT \Device\NetBT_Tcpip_{D913E184-9AB1-45C0-8903-22C33FDB5BD5} 8A7DF500Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7C81F8Device \Driver\nvata \Device\NvAta1 8B0531F8Device 8A7C81F8Device \Driver\Ftdisk \Device\FtControl 8B0551F8Device \Driver\atrtvsl9 \Device\Scsi\atrtvsl91Port5Path0Target0Lun0 8AE8D500Device \Driver\ultra \Device\Scsi\ultra1 8B0C41F8Device \Driver\atrtvsl9 \Device\Scsi\atrtvsl91 8AE8D500Device \FileSystem\Cdfs \Cdfs 8A79D500---- Trace I/O - GMER 2.1 ----Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b0531f8]<< 8b0531f8Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afddab8] 8afddab8Trace 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000078[0x8b0092d8] 8b0092d8Trace 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\00000076[0x8afdd030] 8afdd030Trace \Driver\nvata[0x8b035940] -> IRP_MJ_CREATE -> 0x8b0531f8 8b0531f8---- Registry - GMER 2.1 ----Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@00249f09c101 0x10 0x3F 0x12 0xE9 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0xC9 0x2E 0x63 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9D 0xA7 0x9F 0x15 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x17 0x9A 0xC8 ...Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f81000250@00249f09c101 0x10 0x3F 0x12 0xE9 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0xC9 0x2E 0x63 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9D 0xA7 0x9F 0x15 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x17 0x9A 0xC8 ...Reg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dllReg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\InprocServer32@RuntimeVersion v1.0.3705Reg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\InprocServer32@Assembly dao, Version=10.0.4504.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35Reg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\InprocServer32@Class dao.DBEngineClassReg HKLM\SOFTWARE\Classes\CLSID\{3BEADDAF-E918-CD7F-7DFF-05FDED509D78}\ProgID@ DAO.DBEngine.36---- EOF - GMER 2.1 ---- Link to post Share on other sites More sharing options...
Psychotic Posted June 21, 2013 ID:693962 Share Posted June 21, 2013 Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers. Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OKIMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Do not re-enable these drivers until otherwise instructed. Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.Double click the mbar.zip file to open it, then 'Extract all files'. Double click the mbar folder to open it, then double click mbar.exe to start the tool.Check for Updates, then Scan your system for malwareIf malware is found, do NOT press the Cleanup button yet. Click EXIT.I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply. Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bitQuit all programs that you may have started. Please disconnect any external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start" For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply. You´ll find the log as RKreport[1].txt on your desktop also. Exit/Close RogueKiller. Link to post Share on other sites More sharing options...
Aendromeda Posted June 22, 2013 Author ID:694355 Share Posted June 22, 2013 I'm ashamed to say that I didn't follow your instructions well and overzealously pushed the cleanup button, exactly as you asked me not to do. Regardless, here are the logs: Malwarebytes Anti-Rootkit BETA 1.06.0.1003www.malwarebytes.orgDatabase version: v2013.06.21.10Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Mr. Yuk :: CELAENO [administrator]6/21/2013 6:00:19 PMmbar-log-2013-06-21 (18-00-19).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: Deep Anti-Rootkit Scan | PUPObjects scanned: 324772Time elapsed: 1 hour(s), 26 minute(s), 28 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 8C:\WINDOWS\system32\drivers\nv4_mini.sys (Unknown Rootkit Driver Infection) -> Replace on reboot.c:\Documents and Settings\All Users\Application Data\1C4F.tmp (Trojan.FakeAV.sig) -> Delete on reboot.c:\RECYCLER\S-1-5-21-1708537768-1482476501-725345543-1003\Dc8.exe (Trojan.FakeAV) -> Delete on reboot.c:\Documents and Settings\Erica\Local Settings\Temp\3F.tmp (Trojan.FakeAV.sig) -> Delete on reboot.c:\Documents and Settings\Erica\Local Settings\Temp\40.tmp (Trojan.FakeAV.sig) -> Delete on reboot.c:\Documents and Settings\Erica\Local Settings\Temp\2E.tmp (Trojan.FakeAV) -> Delete on reboot.c:\Documents and Settings\Erica\flashplayer.exe (Trojan.Ransom.FG) -> Delete on reboot.c:\Documents and Settings\Erica\vlcplayer.exe (Trojan.Ransom.FG) -> Delete on reboot.Physical Sectors Detected: 0(No malicious items detected)(end) And the other, RogueKiller V8.6.1 [Jun 19 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Mr. Yuk [Admin rights]Mode : Scan -- Date : 06/21/2013 21:40:49| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 6 ¤¤¤[RUN][sUSP PATH] HKUS\S-1-5-19\[...]\Run : Adobe CSS5.1 Manager (C:\Documents and Settings\LocalService\Local Settings\Application Data\a124413a-7819-4bd1-8279-995e11b106caad\aabdebcaad.exe [-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\RunOnce : A0 (cmd /c "C:\Documents and Settings\Mr. Yuk\Desktop\mbar-1.06.0.1003\mbar\mbar.exe" /r /s [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-19\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Documents and Settings\LocalService\Local Settings\Application Data\a124413a-7819-4bd1-8279-995e11b106caad\aabdebcaad.exe [-]) -> FOUND[DNS] HKLM\[...]\CS001\[...]\{D913E184-9AB1-45C0-8903-22C33FDB5BD5} : NameServer (207.109.251.1,207.109.251.10) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DLL][ROGUE ST] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\Erica\2838625.dll [x]) -> FOUND¤¤¤ Scheduled tasks : 1 ¤¤¤[V1][sUSP PATH] {003825B9-9125-478A-B73A-6EDBCF15B4AB}.job : C:\Documents and Settings\LocalService\Local Settings\Application Data\a124413a-7819-4bd1-8279-995e11b106caad\aabdebcaad.exe [-] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB1FAEC4C)[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB1FAED3C)¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : Mal.Hosts ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 www.mp3winmx.com --> Potentially malicious!127.0.0.1 mp3winmx.com --> Potentially malicious!127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!127.0.0.1 winmx.click-new-download.com --> Potentially malicious!127.0.0.1 www.winmxfrance.com --> Potentially malicious!127.0.0.1 winmxfrance.com --> Potentially malicious!127.0.0.1 www.winmx-freebie.com --> Potentially malicious!127.0.0.1 winmx-freebie.com --> Potentially malicious!127.0.0.1 www.winmx-music-download.com --> Potentially malicious!127.0.0.1 winmx-music-download.com --> Potentially malicious!127.0.0.1 www.download-winmx-free.com --> Potentially malicious!127.0.0.1 download-winmx-free.com --> Potentially malicious!127.0.0.1 free-winmx-downloads.com --> Potentially malicious!127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!127.0.0.1 winmx-d0wnload.com --> Potentially malicious!127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!127.0.0.1 www.winmx-usa.com --> Potentially malicious!127.0.0.1 winmx-usa.com --> Potentially malicious!127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!127.0.0.1 www.google.dospop.com --> Potentially malicious!127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.123topsearch.com127.0.0.1 123topsearch.com127.0.0.1 www.132.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3160318AS +++++--- User ---[MBR] d63dd0b0e83fede57857cc55f0fe6f0c[bSP] 19823ee9ddaa35ffe6db8d40e1364134 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 MoUser = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive1: ST3160318AS +++++--- User ---[MBR] 797c3f174ecaef1a34de6daabde046ba[bSP] 10665f327cbefc5447ae8ed6df053414 : Windows XP MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[0]_S_06212013_214049.txt >> Sorry for being an inexpert instruction follower. Link to post Share on other sites More sharing options...
Psychotic Posted June 22, 2013 ID:694417 Share Posted June 22, 2013 Run Roguekiller again and hit delete.When finished, reboot ysour machine (if not prompted to do).Post up the log. Link to post Share on other sites More sharing options...
Aendromeda Posted June 22, 2013 Author ID:694533 Share Posted June 22, 2013 Do I need to delete each individual tab or just the registry tab? Link to post Share on other sites More sharing options...
Psychotic Posted June 23, 2013 ID:694727 Share Posted June 23, 2013 No, just run another scan. When finished, hit the delete button. Post up the log. Link to post Share on other sites More sharing options...
Aendromeda Posted June 23, 2013 Author ID:694778 Share Posted June 23, 2013 RogueKiller V8.6.1 [Jun 19 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Mr. Yuk [Admin rights]Mode : Remove -- Date : 06/23/2013 08:03:53| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 1 ¤¤¤[DNS] HKLM\[...]\CS001\[...]\{D913E184-9AB1-45C0-8903-22C33FDB5BD5} : NameServer (207.109.251.1,207.109.251.10) -> NOT REMOVED, USE DNSFIX¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : Mal.Hosts ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 www.mp3winmx.com --> Potentially malicious!127.0.0.1 mp3winmx.com --> Potentially malicious!127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!127.0.0.1 winmx.click-new-download.com --> Potentially malicious!127.0.0.1 www.winmxfrance.com --> Potentially malicious!127.0.0.1 winmxfrance.com --> Potentially malicious!127.0.0.1 www.winmx-freebie.com --> Potentially malicious!127.0.0.1 winmx-freebie.com --> Potentially malicious!127.0.0.1 www.winmx-music-download.com --> Potentially malicious!127.0.0.1 winmx-music-download.com --> Potentially malicious!127.0.0.1 www.download-winmx-free.com --> Potentially malicious!127.0.0.1 download-winmx-free.com --> Potentially malicious!127.0.0.1 free-winmx-downloads.com --> Potentially malicious!127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!127.0.0.1 winmx-d0wnload.com --> Potentially malicious!127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!127.0.0.1 www.winmx-usa.com --> Potentially malicious!127.0.0.1 winmx-usa.com --> Potentially malicious!127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!127.0.0.1 www.google.dospop.com --> Potentially malicious!127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.123topsearch.com127.0.0.1 123topsearch.com127.0.0.1 www.132.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3160318AS +++++--- User ---[MBR] d63dd0b0e83fede57857cc55f0fe6f0c[bSP] 19823ee9ddaa35ffe6db8d40e1364134 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 MoUser = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive1: ST3160318AS +++++--- User ---[MBR] 797c3f174ecaef1a34de6daabde046ba[bSP] 10665f327cbefc5447ae8ed6df053414 : Windows XP MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[0]_D_06232013_080353.txt >>RKreport[0]_D_06222013_092937.txt;RKreport[0]_S_06212013_214049.txt;RKreport[0]_S_06222013_094343.txtRKreport[0]_S_06232013_080347.txt Link to post Share on other sites More sharing options...
Psychotic Posted June 23, 2013 ID:694861 Share Posted June 23, 2013 Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications====================================================Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
Aendromeda Posted June 23, 2013 Author ID:694903 Share Posted June 23, 2013 If you would prefer it copy-pasted, let me know. ComboFix.txt Link to post Share on other sites More sharing options...
Psychotic Posted June 24, 2013 ID:695177 Share Posted June 24, 2013 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.CFScript.txt Link to post Share on other sites More sharing options...
Aendromeda Posted June 24, 2013 Author ID:695319 Share Posted June 24, 2013 Here's the log.ComboFix.txt Link to post Share on other sites More sharing options...
Psychotic Posted June 25, 2013 ID:695544 Share Posted June 25, 2013 Looks good - let´s cross check: Please go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
Aendromeda Posted June 26, 2013 Author ID:695796 Share Posted June 26, 2013 C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Documents and Settings\Erica\Desktop\GO THROUGH THIS\BestVideoDownloader(1).exe a variant of Win32/KBM.A applicationC:\Documents and Settings\Erica\Desktop\GO THROUGH THIS\BestVideoDownloader.exe a variant of Win32/KBM.A applicationC:\Program Files\ICQ7.2\packages\bloom\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\evergreen\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\Facebook\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\featuredThemes\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\geo1\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\kolobok\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\purple\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\quest\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\sky\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\strawberries\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\zlango7\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\Xtraz\zlango7\resources\en-us\xtraz_list.dtd Win32/Adware.SpywareProtect2009 applicationC:\Qoobox\Quarantine\C\Documents and Settings\Erica\Local Settings\Application Data\DivXNetworks\lyfhchqb.dll.vir Win32/Boaxxe.G trojanC:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo applicationC:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214275.exe a variant of Win32/Bundled.Toolbar.Ask applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214277.exe a variant of Win32/Bundled.Toolbar.Ask applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214291.dll a variant of Win32/Adware.Yontoo.A applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214293.dll a variant of Win32/Adware.Yontoo.B applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214331.dll Win32/Toolbar.Babylon applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214332.dll Win32/Toolbar.Babylon applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214333.dll a variant of Win32/Toolbar.Babylon applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214334.dll Win32/Toolbar.Babylon applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2529\A0214336.exe probably a variant of Win32/Toolbar.Babylon applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2532\A0217844.dll probably a variant of Win32/Adware.Gamevance.AG applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2541\A0219244.dll Win32/Boaxxe.G trojanC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2541\A0219246.dll Win32/Toolbar.Zugo applicationC:\System Volume Information\_restore{D379DF66-44AF-4C0A-B2E2-189825230D5E}\RP2541\A0219248.exe Win32/Toolbar.Zugo applicationG:\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe multiple threatsG:\Downloads\BitTorrent-6.2.exe a variant of Win32/Bundled.Toolbar.Ask.A applicationG:\Downloads\Install_AIM.exe Win32/Adware.WBug.A applicationG:\Downloads\winamp5572_full_emusic-7plus_en-us.exe Win32/OpenCandy applicationG:\Downloads\winamp5572_full_emusic-7plus_en-us.exe.part Win32/OpenCandy applicationG:\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy applicationG:\Downloads\Pets\felix.exe a variant of Win32/Joke.ScreenMate.AA application Link to post Share on other sites More sharing options...
Psychotic Posted June 26, 2013 ID:695874 Share Posted June 26, 2013 C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Documents and Settings\Erica\Desktop\GO THROUGH THIS\BestVideoDownloader(1).exe a variant of Win32/KBM.A applicationC:\Documents and Settings\Erica\Desktop\GO THROUGH THIS\BestVideoDownloader.exe a variant of Win32/KBM.A applicationC:\Program Files\ICQ7.2\packages\bloom\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\evergreen\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\Facebook\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\featuredThemes\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\geo1\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\kolobok\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\purple\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\quest\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\sky\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\strawberries\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\packages\zlango7\updates\manifest Win32/Adware.SpywareProtect2009 applicationC:\Program Files\ICQ7.2\Xtraz\zlango7\resources\en-us\xtraz_list.dtd Win32/Adware.SpywareProtect2009 applicationG:\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe multiple threatsG:\Downloads\BitTorrent-6.2.exe a variant of Win32/Bundled.Toolbar.Ask.A applicationG:\Downloads\Install_AIM.exe Win32/Adware.WBug.A applicationG:\Downloads\winamp5572_full_emusic-7plus_en-us.exe Win32/OpenCandy applicationG:\Downloads\winamp5572_full_emusic-7plus_en-us.exe.part Win32/OpenCandy applicationG:\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy applicationG:\Downloads\Pets\felix.exe a variant of Win32/Joke.ScreenMate.AA application These files aren´t malware but contain security risks. I would delete them immediately. Your choice. Then we can do the cleanup - if you are facing any issues, report that immediately.Scan with adwCleanerPlease download AdwCleaner to your desktop.Run adwcleaner.exe.Hit delete.When the run is finished, it will open up a text file.Please post its contents within your next reply.You´ll find the log file at C:\AdwCleaner[s1].txt also.SecurityCheckPlease download SecurityCheck: LINK1 LINK2 Save it to your desktop, start it and follow the instructions in the window. After the scan finished the (checkup.txt) will open. Copy its content to your thread. Link to post Share on other sites More sharing options...
Aendromeda Posted June 26, 2013 Author ID:695964 Share Posted June 26, 2013 # AdwCleaner v2.303 - Logfile created 06/26/2013 at 14:38:02# Updated 08/06/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : Erica - CELAENO# Boot Mode : Normal# Running from : C:\Documents and Settings\Erica\Desktop\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\ecwo2zze.default\extensions\plugin@yontoo.com.xpiFolder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma InstallerFolder Deleted : C:\Documents and Settings\All Users\Application Data\TrymediaFolder Deleted : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Deleted : C:\Documents and Settings\Erica\Application Data\BabylonFolder Deleted : C:\Documents and Settings\Erica\Application Data\BabylonToolbarFolder Deleted : C:\Documents and Settings\Erica\Application Data\ComplitlyFolder Deleted : C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\ecwo2zze.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}Folder Deleted : C:\Documents and Settings\Erica\Application Data\yourfiledownloaderFolder Deleted : C:\Documents and Settings\Erica\Local Settings\Application Data\ConduitFolder Deleted : C:\Documents and Settings\Erica\Local Settings\Application Data\ConduitEngineFolder Deleted : C:\Documents and Settings\Tea for 3\Local Settings\Application Data\AskToolbarFolder Deleted : C:\Program Files\PlaySushiFolder Deleted : C:\Program Files\Viewpoint***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\PlaySushiKey Deleted : HKCU\Software\BabylonToolbarKey Deleted : HKCU\Software\ComplitlyKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\conduitEngineKey Deleted : HKCU\Software\Microsoft\BabylonKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}Key Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKCU\Software\YourFileDownloaderKey Deleted : HKCU\ToolbarKey Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLLKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondaryKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\Conduit.EngineKey Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\MetaStreamKey Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushiKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FAKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayerKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Deleted : HKLM\Software\ViewpointValue Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.18702-\\ Mozilla Firefox v21.0 (en-US)File : C:\Documents and Settings\Mr. Yuk\Application Data\Mozilla\Firefox\Profiles\tzjf83at.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\Tea for 3\Application Data\Mozilla\Firefox\Profiles\1gv75t7e.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\ecwo2zze.default\prefs.jsC:\Documents and Settings\Erica\Application Data\Mozilla\Firefox\Profiles\ecwo2zze.default\user.js ... Deleted !Deleted : user_pref("extensions.aniweather.timeShifted", 1731182);Deleted : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"short_url_length_hxxps\":21,\"[...]Deleted : user_pref("extentions.y2layers.lastDnsTest", 372029);-\\ Google Chrome v27.0.1453.94File : C:\Documents and Settings\Erica\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences*************************AdwCleaner[R1].txt - [9978 octets] - [26/06/2013 14:36:28]AdwCleaner[s1].txt - [9958 octets] - [26/06/2013 14:38:02]########## EOF - C:\AdwCleaner[s1].txt - [10018 octets] ########## And the other, Results of screen317's Security Check version 0.99.68 Windows XP Service Pack 3 x86 Internet Explorer 8 Out of date!``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!)`````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 29 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! Mozilla Thunderbird (5.0). Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Psychotic Posted June 27, 2013 ID:696228 Share Posted June 27, 2013 Then you´re all clean now! Java update updateYour Java runtime environment is outdated. We will fix this.Get the actual JRE from hereSave jxpiinstall.exe to your desktopClose all running programs, especially your browser(s)Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the softwarewhen finished, go toStart-->control panel-->add/remove programs and remove all older Java versions. (if existing)When finished, reboot your computer.After the rebootOpen control panel again and click the java symbol.Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.Click Delete Files.The Delete Temporary Files dialog box appearsClick OK on Delete Temporary Files window.Click OK again. Adobe Reader updateYour Adobe Reader is outdated. We will fix this. Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.Run setup and follow the instructions.Click upon Start-->control panel-->add/remove programs.Search for and remove any older reader versions. Mozilla Firefox updateYour Firefox browser is outdated. Please follow these instructions to update it:Get the actual firefox from here.Run setup and follow the instructions on your monitor.Report any problems you have with the update. Mozilla Thunderbird updateYour Thunderbird mail client is outdated. Please follow these instructions to update it:Get the actual Thunderbird from here.Run setup and follow the instructions on your monitor.Report any problems you have with the update. Uninstall our tools.Please follow these steps in order: In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed. In any case please download delfix to your desktop. Close all other programms and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process [*] If there is still something left please delete it manualy. Reading MaterialHow to protect yourself System UpdatesBeeing up to date is very important. Please be sure to activate automatic updates in your control panel. Windows XP | Windows Vista | Windows 7 | windows 8 ProtectionWhat you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software. Up to date SoftwareStay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check: Secunia Online Software Inspector - Checks if your software has updates available. Filehippo Update Checkere - This tool also scans your computer for outdated software. Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser. [*] BackupsThere are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] BrainsIt's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want. Link to post Share on other sites More sharing options...
Aendromeda Posted June 29, 2013 Author ID:696811 Share Posted June 29, 2013 Thank you, Now I can finally get back to drawing. Link to post Share on other sites More sharing options...
Psychotic Posted June 29, 2013 ID:696855 Share Posted June 29, 2013 You´re welcome! Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 30, 2013 ID:697243 Share Posted June 30, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts