Jump to content

infected with the System Care virus...help, please.


Recommended Posts

Hello Cheeky1 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites

I ran the TDSSrootkiller.  Results were clean:

 

13:32:25.0109 1780  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
13:32:25.0140 1780  ============================================================
13:32:25.0140 1780  Current date / time: 2013/08/10 13:32:25.0140
13:32:25.0140 1780  SystemInfo:
13:32:25.0140 1780 
13:32:25.0156 1780  OS Version: 5.1.2600 ServicePack: 3.0
13:32:25.0156 1780  Product type: Workstation
13:32:25.0156 1780  ComputerName: TIMBULGER
13:32:25.0156 1780  UserName: Administrator
13:32:25.0156 1780  Windows directory: C:\WINDOWS
13:32:25.0156 1780  System windows directory: C:\WINDOWS
13:32:25.0156 1780  Processor architecture: Intel x86
13:32:25.0156 1780  Number of processors: 1
13:32:25.0156 1780  Page size: 0x1000
13:32:25.0156 1780  Boot type: Safe boot
13:32:25.0156 1780  ============================================================
13:32:27.0859 1780  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F51D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
13:32:27.0875 1780  Drive \Device\Harddisk1\DR5 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:27.0875 1780  ============================================================
13:32:27.0875 1780  \Device\Harddisk0\DR0:
13:32:27.0875 1780  MBR partitions:
13:32:27.0875 1780  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDAE6FE
13:32:27.0875 1780  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDAE73D, BlocksNum 0xAC9E843
13:32:27.0875 1780  \Device\Harddisk1\DR5:
13:32:27.0875 1780  MBR partitions:
13:32:27.0875 1780  \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
13:32:27.0875 1780  ============================================================
13:32:27.0968 1780  C: <-> \Device\Harddisk0\DR0\Partition2
13:32:27.0968 1780  D: <-> \Device\Harddisk0\DR0\Partition1
13:32:27.0968 1780  ============================================================
13:32:27.0968 1780  Initialize success
13:32:27.0968 1780  ============================================================
13:32:30.0906 1808  ============================================================
13:32:30.0906 1808  Scan started
13:32:30.0906 1808  Mode: Manual;
13:32:30.0906 1808  ============================================================
13:32:33.0062 1808  ================ Scan system memory ========================
13:32:33.0062 1808  System memory - ok
13:32:33.0093 1808  ================ Scan services =============================
13:32:34.0203 1808  Abiosdsk - ok
13:32:34.0265 1808  abp480n5 - ok
13:32:34.0578 1808  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:32:34.0765 1808  ACPI - ok
13:32:34.0859 1808  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:32:34.0875 1808  ACPIEC - ok
13:32:34.0921 1808  adpu160m - ok
13:32:35.0171 1808  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
13:32:35.0312 1808  aec - ok
13:32:35.0562 1808  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
13:32:35.0734 1808  AFD - ok
13:32:35.0796 1808  Aha154x - ok
13:32:35.0875 1808  aic78u2 - ok
13:32:35.0921 1808  aic78xx - ok
13:32:36.0046 1808  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
13:32:36.0062 1808  Alerter - ok
13:32:36.0203 1808  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
13:32:36.0250 1808  ALG - ok
13:32:36.0281 1808  AliIde - ok
13:32:36.0484 1808  [ E6A2299284013EC4DE3419481A62069F ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:32:36.0515 1808  AmdK8 - ok
13:32:36.0578 1808  amsint - ok
13:32:36.0875 1808  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:36.0937 1808  Apple Mobile Device - ok
13:32:37.0234 1808  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
13:32:37.0406 1808  AppMgmt - ok
13:32:37.0546 1808  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:32:37.0625 1808  Arp1394 - ok
13:32:37.0656 1808  asc - ok
13:32:37.0687 1808  asc3350p - ok
13:32:37.0750 1808  asc3550 - ok
13:32:38.0250 1808  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:32:38.0421 1808  aspnet_state - ok
13:32:38.0531 1808  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:32:38.0546 1808  AsyncMac - ok
13:32:38.0750 1808  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
13:32:38.0750 1808  atapi - ok
13:32:38.0796 1808  Atdisk - ok
13:32:39.0265 1808  [ 97F0D1CFEE7CCD1F3302F393BA3481FC ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:32:39.0625 1808  Ati HotKey Poller - ok
13:32:40.0875 1808  [ C8DC21751C5684A14EC075FDD2473719 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:32:41.0984 1808  ati2mtag - ok
13:32:42.0218 1808  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:32:42.0312 1808  Atmarpc - ok
13:32:42.0437 1808  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
13:32:42.0484 1808  AudioSrv - ok
13:32:42.0562 1808  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
13:32:42.0562 1808  audstub - ok
13:32:43.0421 1808  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:32:44.0062 1808  BCM43XX - ok
13:32:44.0203 1808  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:32:44.0203 1808  Beep - ok
13:32:44.0671 1808  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
13:32:45.0171 1808  BITS - ok
13:32:45.0640 1808  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:32:45.0984 1808  Bonjour Service - ok
13:32:46.0140 1808  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
13:32:46.0234 1808  Browser - ok
13:32:46.0343 1808  [ 80EB55B615ED0F669A28A96FEFD4603F ] CAMCAUD         C:\WINDOWS\system32\drivers\camc6aud.sys
13:32:46.0390 1808  CAMCAUD - ok
13:32:46.0781 1808  [ AD1D8DEBDB1DF8682E374E0CD1638C1B ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
13:32:47.0125 1808  CAMCHALA - ok
13:32:47.0250 1808  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
13:32:47.0265 1808  cbidf2k - ok
13:32:47.0578 1808  [ C8D7452EB1DFC5E1FF044BE28C4B07E1 ] ccEvtMgr        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
13:32:47.0765 1808  ccEvtMgr - ok
13:32:47.0953 1808  [ EF8116F41B92AB7A577CFDA867CFA542 ] ccPwdSvc        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
13:32:48.0031 1808  ccPwdSvc - ok
13:32:48.0250 1808  [ 13248340757445EF3E158D99D6181FCC ] ccSetMgr        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
13:32:48.0406 1808  ccSetMgr - ok
13:32:48.0453 1808  cd20xrnt - ok
13:32:48.0640 1808  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
13:32:48.0671 1808  Cdaudio - ok
13:32:48.0828 1808  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
13:32:48.0921 1808  Cdfs - ok
13:32:49.0093 1808  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:32:49.0156 1808  Cdrom - ok
13:32:49.0218 1808  Changer - ok
13:32:49.0328 1808  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc           C:\WINDOWS\System32\cisvc.exe
13:32:49.0328 1808  cisvc - ok
13:32:49.0421 1808  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
13:32:49.0453 1808  ClipSrv - ok
13:32:49.0625 1808  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:49.0875 1808  clr_optimization_v2.0.50727_32 - ok
13:32:49.0968 1808  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:32:49.0984 1808  CmBatt - ok
13:32:50.0031 1808  CmdIde - ok
13:32:50.0125 1808  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:32:50.0156 1808  Compbatt - ok
13:32:50.0218 1808  COMSysApp - ok
13:32:50.0343 1808  Cpqarray - ok
13:32:50.0484 1808  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
13:32:50.0515 1808  CryptSvc - ok
13:32:50.0562 1808  dac2w2k - ok
13:32:50.0625 1808  dac960nt - ok
13:32:51.0140 1808  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:32:51.0515 1808  DcomLaunch - ok
13:32:51.0671 1808  [ CC564A31A2E9F7DDB6DE55848C3C0A0B ] DefWatch        C:\Program Files\Symantec AntiVirus\DefWatch.exe
13:32:51.0687 1808  DefWatch - ok
13:32:51.0937 1808  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
13:32:52.0078 1808  Dhcp - ok
13:32:52.0171 1808  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
13:32:52.0171 1808  Disk - ok
13:32:52.0265 1808  dmadmin - ok
13:32:53.0140 1808  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
13:32:53.0984 1808  dmboot - ok
13:32:54.0203 1808  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
13:32:54.0359 1808  dmio - ok
13:32:54.0437 1808  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
13:32:54.0453 1808  dmload - ok
13:32:54.0546 1808  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
13:32:54.0546 1808  dmserver - ok
13:32:54.0671 1808  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
13:32:54.0734 1808  DMusic - ok
13:32:54.0890 1808  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:32:54.0953 1808  Dnscache - ok
13:32:55.0171 1808  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:32:55.0312 1808  Dot3svc - ok
13:32:55.0375 1808  dpti2o - ok
13:32:55.0453 1808  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
13:32:55.0468 1808  drmkaud - ok
13:32:55.0562 1808  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
13:32:55.0609 1808  EapHost - ok
13:32:56.0093 1808  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:32:56.0468 1808  eeCtrl - ok
13:32:56.0671 1808  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
13:32:56.0781 1808  EraserUtilDrv11220 - ok
13:32:56.0843 1808  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
13:32:56.0859 1808  ERSvc - ok
13:32:57.0078 1808  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
13:32:57.0125 1808  Eventlog - ok
13:32:57.0484 1808  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
13:32:57.0750 1808  EventSystem - ok
13:32:57.0984 1808  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
13:32:58.0125 1808  Fastfat - ok
13:32:58.0375 1808  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:32:58.0515 1808  FastUserSwitchingCompatibility - ok
13:32:58.0609 1808  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
13:32:58.0640 1808  Fdc - ok
13:32:58.0750 1808  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
13:32:58.0812 1808  Fips - ok
13:32:58.0875 1808  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
13:32:58.0906 1808  Flpydisk - ok
13:32:59.0109 1808  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:32:59.0250 1808  FltMgr - ok
13:32:59.0468 1808  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:32:59.0531 1808  FontCache3.0.0.0 - ok
13:32:59.0609 1808  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:32:59.0625 1808  Fs_Rec - ok
13:32:59.0812 1808  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:32:59.0937 1808  Ftdisk - ok
13:33:00.0031 1808  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:33:00.0062 1808  GEARAspiWDM - ok
13:33:00.0187 1808  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:33:00.0234 1808  Gpc - ok
13:33:00.0453 1808  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:33:00.0453 1808  helpsvc - ok
13:33:00.0484 1808  HidServ - ok
13:33:00.0531 1808  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:33:00.0546 1808  hidusb - ok
13:33:00.0703 1808  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
13:33:00.0765 1808  hkmsvc - ok
13:33:00.0812 1808  hpn - ok
13:33:01.0265 1808  [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:33:01.0484 1808  hpqcxs08 - ok
13:33:01.0734 1808  [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:33:01.0875 1808  hpqddsvc - ok
13:33:01.0906 1808  hpt3xx - ok
13:33:02.0218 1808  [ A32F20830996D61D862311F138870A0C ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
13:33:02.0421 1808  HSFHWATI - ok
13:33:03.0531 1808  [ 822C60F2ABEE73A0E089230D94064F39 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
13:33:04.0593 1808  HSF_DPV - ok
13:33:05.0078 1808  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
13:33:05.0421 1808  HTTP - ok
13:33:05.0531 1808  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
13:33:05.0593 1808  HTTPFilter - ok
13:33:05.0656 1808  i2omgmt - ok
13:33:05.0687 1808  i2omp - ok
13:33:05.0812 1808  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:33:05.0859 1808  i8042prt - ok
13:33:06.0906 1808  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:33:07.0828 1808  idsvc - ok
13:33:07.0921 1808  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
13:33:07.0953 1808  Imapi - ok
13:33:08.0218 1808  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\System32\imapi.exe
13:33:08.0375 1808  ImapiService - ok
13:33:08.0468 1808  ini910u - ok
13:33:08.0531 1808  IntelIde - ok
13:33:08.0625 1808  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
13:33:08.0671 1808  ip6fw - ok
13:33:08.0812 1808  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:33:08.0843 1808  IpFilterDriver - ok
13:33:08.0921 1808  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:33:08.0953 1808  IpInIp - ok
13:33:09.0203 1808  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:33:09.0359 1808  IpNat - ok
13:33:10.0265 1808  [ 9033D67B7112D23EDED6789BACDED128 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:33:11.0109 1808  iPod Service - ok
13:33:11.0281 1808  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:33:11.0359 1808  IPSec - ok
13:33:11.0406 1808  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
13:33:11.0421 1808  IRENUM - ok
13:33:11.0546 1808  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:33:11.0578 1808  isapnp - ok
13:33:11.0906 1808  [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:33:12.0109 1808  JavaQuickStarterService - ok
13:33:12.0218 1808  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:33:12.0234 1808  Kbdclass - ok
13:33:12.0468 1808  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
13:33:12.0640 1808  kmixer - ok
13:33:12.0796 1808  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
13:33:12.0906 1808  KSecDD - ok
13:33:13.0109 1808  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
13:33:13.0265 1808  lanmanserver - ok
13:33:13.0500 1808  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:33:13.0640 1808  lanmanworkstation - ok
13:33:13.0703 1808  lbrtfdc - ok
13:33:13.0843 1808  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
13:33:13.0859 1808  LmHosts - ok
13:33:14.0281 1808  [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
13:33:14.0531 1808  McComponentHostService - ok
13:33:14.0656 1808  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:33:14.0687 1808  mdmxsdk - ok
13:33:14.0812 1808  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
13:33:14.0843 1808  Messenger - ok
13:33:14.0953 1808  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
13:33:14.0953 1808  mnmdd - ok
13:33:15.0062 1808  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
13:33:15.0109 1808  mnmsrvc - ok
13:33:15.0187 1808  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
13:33:15.0218 1808  Modem - ok
13:33:15.0328 1808  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:33:15.0343 1808  Mouclass - ok
13:33:15.0453 1808  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:33:15.0453 1808  mouhid - ok
13:33:15.0578 1808  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
13:33:15.0609 1808  MountMgr - ok
13:33:15.0671 1808  mraid35x - ok
13:33:15.0921 1808  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:33:16.0109 1808  MRxDAV - ok
13:33:16.0671 1808  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:33:17.0140 1808  MRxSmb - ok
13:33:17.0187 1808  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
13:33:17.0203 1808  MSDTC - ok
13:33:17.0312 1808  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:33:17.0328 1808  Msfs - ok
13:33:17.0406 1808  MSIServer - ok
13:33:17.0468 1808  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:33:17.0468 1808  MSKSSRV - ok
13:33:17.0562 1808  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:33:17.0578 1808  MSPCLOCK - ok
13:33:17.0656 1808  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
13:33:17.0671 1808  MSPQM - ok
13:33:17.0781 1808  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:33:17.0828 1808  mssmbios - ok
13:33:18.0015 1808  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
13:33:18.0156 1808  Mup - ok
13:33:18.0578 1808  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
13:33:18.0859 1808  napagent - ok
13:33:19.0125 1808  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130708.002\naveng.sys
13:33:19.0296 1808  NAVENG - ok
13:33:20.0953 1808  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130708.002\navex15.sys
13:33:22.0609 1808  NAVEX15 - ok
13:33:22.0843 1808  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
13:33:23.0031 1808  NDIS - ok
13:33:23.0125 1808  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:33:23.0140 1808  NdisTapi - ok
13:33:23.0265 1808  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:33:23.0281 1808  Ndisuio - ok
13:33:23.0453 1808  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:33:23.0562 1808  NdisWan - ok
13:33:23.0703 1808  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
13:33:23.0750 1808  NDProxy - ok
13:33:23.0843 1808  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
13:33:23.0875 1808  NetBIOS - ok
13:33:24.0093 1808  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
13:33:24.0359 1808  NetBT - ok
13:33:24.0578 1808  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
13:33:24.0703 1808  NetDDE - ok
13:33:24.0875 1808  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
13:33:24.0875 1808  NetDDEdsdm - ok
13:33:24.0968 1808  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\System32\lsass.exe
13:33:24.0968 1808  Netlogon - ok
13:33:25.0234 1808  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
13:33:25.0421 1808  Netman - ok
13:33:25.0656 1808  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:33:25.0796 1808  NetTcpPortSharing - ok
13:33:25.0937 1808  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:33:26.0015 1808  NIC1394 - ok
13:33:26.0343 1808  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
13:33:26.0578 1808  Nla - ok
13:33:26.0656 1808  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:33:26.0687 1808  Npfs - ok
13:33:27.0328 1808  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
13:33:27.0906 1808  Ntfs - ok
13:33:27.0953 1808  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
13:33:27.0953 1808  NtLmSsp - ok
13:33:28.0468 1808  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
13:33:28.0906 1808  NtmsSvc - ok
13:33:28.0984 1808  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:33:28.0984 1808  Null - ok
13:33:29.0312 1808  [ FC2A8AAA0F3321F41231EDE0AF1968AE ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
13:33:29.0312 1808  NWADI - ok
13:33:29.0437 1808  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:33:29.0453 1808  NwlnkFlt - ok
13:33:29.0546 1808  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:33:29.0578 1808  NwlnkFwd - ok
13:33:29.0687 1808  [ 224131778C92AEE8C13AFAC5FBFF19CA ] NWUSBCDFIL      C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
13:33:29.0703 1808  NWUSBCDFIL - ok
13:33:29.0921 1808  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem      C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
13:33:30.0093 1808  NWUSBModem - ok
13:33:30.0359 1808  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort       C:\WINDOWS\system32\DRIVERS\nwusbser.sys
13:33:30.0531 1808  NWUSBPort - ok
13:33:30.0781 1808  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2      C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
13:33:30.0953 1808  NWUSBPort2 - ok
13:33:31.0578 1808  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:33:32.0015 1808  odserv - ok
13:33:32.0156 1808  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:33:32.0218 1808  ohci1394 - ok
13:33:32.0500 1808  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:33:32.0656 1808  ose - ok
13:33:32.0875 1808  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
13:33:32.0984 1808  Parport - ok
13:33:33.0031 1808  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
13:33:33.0062 1808  PartMgr - ok
13:33:33.0171 1808  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
13:33:33.0187 1808  ParVdm - ok
13:33:33.0343 1808  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
13:33:33.0406 1808  PCI - ok
13:33:33.0468 1808  PCIDump - ok
13:33:33.0562 1808  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
13:33:33.0562 1808  PCIIde - ok
13:33:33.0750 1808  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:33:33.0890 1808  Pcmcia - ok
13:33:33.0953 1808  PDCOMP - ok
13:33:34.0015 1808  PDFRAME - ok
13:33:34.0078 1808  PDRELI - ok
13:33:34.0140 1808  PDRFRAME - ok
13:33:34.0171 1808  perc2 - ok
13:33:34.0234 1808  perc2hib - ok
13:33:34.0484 1808  [ ED2E7F396B4098608C95BC3806BDF6FC ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
13:33:34.0500 1808  pfc - ok
13:33:34.0656 1808  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
13:33:34.0656 1808  PlugPlay - ok
13:33:34.0734 1808  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
13:33:34.0734 1808  PolicyAgent - ok
13:33:34.0859 1808  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:33:34.0921 1808  PptpMiniport - ok
13:33:35.0062 1808  [ 6135B976E16F80C1B1363BE882344785 ] PrismXL         C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
13:33:35.0125 1808  PrismXL - ok
13:33:35.0296 1808  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
13:33:35.0328 1808  Processor - ok
13:33:35.0406 1808  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:33:35.0406 1808  ProtectedStorage - ok
13:33:35.0593 1808  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
13:33:35.0656 1808  PSched - ok
13:33:35.0828 1808  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:33:35.0859 1808  Ptilink - ok
13:33:35.0921 1808  ql1080 - ok
13:33:35.0984 1808  Ql10wnt - ok
13:33:36.0046 1808  ql12160 - ok
13:33:36.0109 1808  ql1240 - ok
13:33:36.0171 1808  ql1280 - ok
13:33:36.0281 1808  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:33:36.0296 1808  RasAcd - ok
13:33:36.0468 1808  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
13:33:36.0593 1808  RasAuto - ok
13:33:36.0718 1808  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:33:36.0765 1808  Rasl2tp - ok
13:33:37.0078 1808  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
13:33:37.0265 1808  RasMan - ok
13:33:37.0390 1808  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:33:37.0437 1808  RasPppoe - ok
13:33:37.0515 1808  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
13:33:37.0531 1808  Raspti - ok
13:33:37.0765 1808  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:33:37.0937 1808  Rdbss - ok
13:33:38.0015 1808  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:33:38.0015 1808  RDPCDD - ok
13:33:38.0312 1808  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:33:38.0515 1808  rdpdr - ok
13:33:38.0796 1808  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
13:33:38.0937 1808  RDPWD - ok
13:33:39.0156 1808  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
13:33:39.0296 1808  RDSessMgr - ok
13:33:39.0453 1808  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
13:33:39.0515 1808  redbook - ok
13:33:39.0656 1808  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
13:33:39.0703 1808  RemoteAccess - ok
13:33:39.0828 1808  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
13:33:39.0890 1808  RemoteRegistry - ok
13:33:40.0046 1808  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
13:33:40.0125 1808  RpcLocator - ok
13:33:40.0640 1808  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
13:33:40.0640 1808  RpcSs - ok
13:33:40.0906 1808  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
13:33:41.0046 1808  RSVP - ok
13:33:41.0140 1808  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
13:33:41.0140 1808  SamSs - ok
13:33:41.0421 1808  [ E20AED7668511D2848D64F2F3FA7C8E0 ] SavRoam         C:\Program Files\Symantec AntiVirus\SavRoam.exe
13:33:41.0546 1808  SavRoam - ok
13:33:41.0968 1808  [ A00D5AA4748A1002590F08AA00FC660D ] SAVRT           C:\Program Files\Symantec AntiVirus\savrt.sys
13:33:42.0296 1808  SAVRT - ok
13:33:42.0437 1808  [ 1E805005583BE1C1568A3FCE259C81E3 ] SAVRTPEL        C:\Program Files\Symantec AntiVirus\Savrtpel.sys
13:33:42.0484 1808  SAVRTPEL - ok
13:33:42.0656 1808  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
13:33:42.0750 1808  SCardSvr - ok
13:33:43.0031 1808  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
13:33:43.0218 1808  Schedule - ok
13:33:43.0421 1808  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:33:43.0500 1808  sdbus - ok
13:33:43.0593 1808  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:33:43.0625 1808  Secdrv - ok
13:33:43.0703 1808  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
13:33:43.0734 1808  seclogon - ok
13:33:43.0828 1808  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
13:33:43.0859 1808  SENS - ok
13:33:44.0000 1808  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
13:33:44.0062 1808  Serial - ok
13:33:44.0234 1808  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
13:33:44.0390 1808  Sfloppy - ok
13:33:44.0625 1808  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:33:44.0625 1808  ShellHWDetection - ok
13:33:44.0671 1808  Simbad - ok
13:33:44.0828 1808  SMNDIS5 - ok
13:33:45.0187 1808  [ 074001698482DE1F6DDC7BE92DA67721 ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
13:33:45.0437 1808  SNDSrvc - ok
13:33:45.0531 1808  Sparrow - ok
13:33:46.0031 1808  [ C30FA11923892A4DBD1C747DB8492E8F ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:33:46.0421 1808  SPBBCDrv - ok
13:33:47.0468 1808  [ EA07435C72A8534C3A8E02D87246E546 ] SPBBCSvc        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
13:33:48.0453 1808  SPBBCSvc - ok
13:33:48.0562 1808  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
13:33:48.0562 1808  splitter - ok
13:33:48.0734 1808  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
13:33:48.0796 1808  Spooler - ok
13:33:48.0906 1808  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
13:33:49.0000 1808  sr - ok
13:33:49.0312 1808  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\System32\srsvc.dll
13:33:49.0500 1808  srservice - ok
13:33:49.0953 1808  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
13:33:50.0312 1808  Srv - ok
13:33:50.0468 1808  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
13:33:50.0546 1808  SSDPSRV - ok
13:33:50.0937 1808  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
13:33:51.0281 1808  stisvc - ok
13:33:51.0375 1808  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
13:33:51.0390 1808  swenum - ok
13:33:51.0484 1808  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
13:33:51.0546 1808  swmidi - ok
13:33:51.0609 1808  SwPrv - ok
13:33:53.0453 1808  [ 07C8477743AA4A7DB19CCD23598817B1 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
13:33:55.0234 1808  Symantec AntiVirus - ok
13:33:55.0312 1808  symc810 - ok
13:33:55.0375 1808  symc8xx - ok
13:33:55.0656 1808  [ 3FEEB051C94F5005F56423619315273B ] SymEvent        C:\Program Files\Symantec\SYMEVENT.SYS
13:33:55.0781 1808  SymEvent - ok
13:33:55.0875 1808  [ 8D668FE83A439E2166B7DEFFF995CDDC ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:33:55.0906 1808  SYMREDRV - ok
13:33:56.0296 1808  [ B825E10CD61046672FEF234820842C42 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:33:56.0562 1808  SYMTDI - ok
13:33:56.0625 1808  sym_hi - ok
13:33:56.0687 1808  sym_u3 - ok
13:33:56.0937 1808  [ EB363DDFBE8B6D51003CCAB29D93D744 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:33:57.0125 1808  SynTP - ok
13:33:57.0265 1808  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
13:33:57.0312 1808  sysaudio - ok
13:33:57.0484 1808  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
13:33:57.0578 1808  SysmonLog - ok
13:33:57.0875 1808  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
13:33:58.0125 1808  TapiSrv - ok
13:33:58.0562 1808  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:33:58.0921 1808  Tcpip - ok
13:33:59.0046 1808  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
13:33:59.0062 1808  TDPIPE - ok
13:33:59.0140 1808  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
13:33:59.0156 1808  TDTCP - ok
13:33:59.0296 1808  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
13:33:59.0328 1808  TermDD - ok
13:33:59.0718 1808  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
13:34:00.0015 1808  TermService - ok
13:34:00.0203 1808  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
13:34:00.0203 1808  Themes - ok
13:34:00.0375 1808  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
13:34:00.0453 1808  TlntSvr - ok
13:34:00.0500 1808  TosIde - ok
13:34:00.0640 1808  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
13:34:00.0734 1808  TrkWks - ok
13:34:00.0859 1808  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
13:34:00.0953 1808  Udfs - ok
13:34:00.0984 1808  ultra - ok
13:34:01.0468 1808  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
13:34:01.0843 1808  Update - ok
13:34:02.0125 1808  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:34:02.0328 1808  upnphost - ok
13:34:02.0421 1808  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
13:34:02.0453 1808  UPS - ok
13:34:02.0625 1808  [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
13:34:02.0656 1808  USBAAPL - ok
13:34:02.0828 1808  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:34:02.0859 1808  usbccgp - ok
13:34:02.0953 1808  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:34:02.0968 1808  usbehci - ok
13:34:03.0140 1808  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:34:03.0187 1808  usbhub - ok
13:34:03.0265 1808  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:34:03.0281 1808  usbohci - ok
13:34:03.0406 1808  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:34:03.0437 1808  usbprint - ok
13:34:03.0515 1808  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:34:03.0531 1808  usbscan - ok
13:34:03.0640 1808  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:34:03.0671 1808  USBSTOR - ok
13:34:03.0750 1808  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
13:34:03.0765 1808  VgaSave - ok
13:34:03.0828 1808  ViaIde - ok
13:34:03.0937 1808  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
13:34:03.0984 1808  VolSnap - ok
13:34:04.0359 1808  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
13:34:04.0671 1808  VSS - ok
13:34:04.0953 1808  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\System32\w32time.dll
13:34:05.0125 1808  W32Time - ok
13:34:05.0265 1808  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:34:05.0312 1808  Wanarp - ok
13:34:05.0390 1808  WDICA - ok
13:34:05.0546 1808  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
13:34:05.0625 1808  wdmaud - ok
13:34:05.0765 1808  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:34:05.0828 1808  WebClient - ok
13:34:06.0703 1808  [ 5EA185425BFCBC2D4B96D673D8C4DEAF ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:34:07.0406 1808  winachsf - ok
13:34:07.0734 1808  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:34:07.0859 1808  winmgmt - ok
13:34:08.0015 1808  wltrysvc - ok
13:34:08.0156 1808  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
13:34:08.0187 1808  WmdmPmSN - ok
13:34:08.0875 1808  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
13:34:09.0453 1808  Wmi - ok
13:34:09.0656 1808  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:34:09.0812 1808  WmiApSrv - ok
13:34:10.0859 1808  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
13:34:11.0812 1808  WMPNetworkSvc - ok
13:34:11.0921 1808  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:34:11.0968 1808  WpdUsb - ok
13:34:12.0046 1808  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
13:34:12.0078 1808  wuauserv - ok
13:34:12.0265 1808  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:34:12.0343 1808  WudfPf - ok
13:34:12.0531 1808  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:34:12.0625 1808  WudfRd - ok
13:34:12.0781 1808  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
13:34:12.0859 1808  WudfSvc - ok
13:34:13.0437 1808  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
13:34:13.0921 1808  WZCSVC - ok
13:34:14.0140 1808  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
13:34:14.0265 1808  xmlprov - ok
13:34:14.0609 1808  [ 9A916F4354EEF85C535DD792754EDC1D ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:34:14.0875 1808  yukonwxp - ok
13:34:15.0343 1808  [ 3E70D7B861BA46961CB2E1ED5606906A ] ‮etadpug        C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe
13:34:15.0515 1808  ‮etadpug - ok
13:34:15.0546 1808  ================ Scan global ===============================
13:34:15.0671 1808  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:34:16.0062 1808  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:34:16.0671 1808  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:34:16.0828 1808  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:34:16.0828 1808  [Global] - ok
13:34:16.0859 1808  ================ Scan MBR ==================================
13:34:16.0937 1808  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:34:17.0515 1808  \Device\Harddisk0\DR0 - ok
13:34:17.0625 1808  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR5
13:34:17.0656 1808  \Device\Harddisk1\DR5 - ok
13:34:17.0687 1808  ================ Scan VBR ==================================
13:34:17.0734 1808  [ 83AF556582CA3F696FFB48F3BE6901A8 ] \Device\Harddisk0\DR0\Partition1
13:34:17.0734 1808  \Device\Harddisk0\DR0\Partition1 - ok
13:34:17.0828 1808  [ D770575CDDBBF5556390FF3860F1EE02 ] \Device\Harddisk0\DR0\Partition2
13:34:17.0828 1808  \Device\Harddisk0\DR0\Partition2 - ok
13:34:17.0875 1808  [ C8EBB0EF2FE05518238B63127C8BC15B ] \Device\Harddisk1\DR5\Partition1
13:34:17.0875 1808  \Device\Harddisk1\DR5\Partition1 - ok
13:34:17.0906 1808  ============================================================
13:34:17.0906 1808  Scan finished
13:34:17.0906 1808  ============================================================
13:34:18.0000 1800  Detected object count: 0
13:34:18.0000 1800  Actual detected object count: 0
13:34:26.0218 1772  Deinitialize success

 

 

 

_______________________

 

 

However, before the mbar completed its scan (found 7 threats) my computer shut down on its own.  I was attempt to start it back up and it would start then immediately (within 2 or 3 seconds) shut down again.  I removed my USB from the computer and it has completed its start routine.

Link to post
Share on other sites

Ok.  The mbar needed to be run 3 times before it resulted 'clean'.

 

system log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.989000 GHz
Memory total: 1004781568, free: 789327872

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.989000 GHz
Memory total: 1004781568, free: 787632128

=======================================

Initializing...
------------ Kernel report ------------
     08/10/2013 13:38:53
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff85502498
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff85521ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85770908
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff85792940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85770908, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8576fda8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85770908, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85774910, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85792940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8F6105D

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14345982

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14346045  Numsec = 181004355
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85502498, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85542e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85502498, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85521ea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 7821280

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4004511744 bytes
Sector size: 512 bytes

Done!
Infected: c:\Documents and Settings\Tim\Application Data\dmdpn.dll --> [iPH.Trojan.Medfos.ADRM3]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dmdpn --> [iPH.Trojan.Medfos.ADRM3]
Infected: c:\Documents and Settings\Tim\Application Data\urylap.dll --> [iPH.Trojan.Medfos.ADRM3]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|urylap --> [iPH.Trojan.Medfos.ADRM3]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\googleupdate.exe --> [Trojan.0Access]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug --> [Trojan.0Access]
Infected: c:\Documents and Settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5\38E67D37F1FADA74000038E64455DEA5.exe --> [Trojan.Genpack.SRE]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.989000 GHz
Memory total: 1004781568, free: 809066496

Initializing...
------------ Kernel report ------------
     08/10/2013 14:26:50
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85770908
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff85792940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85770908, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8576fda8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85770908, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85774910, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85792940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8F6105D

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14345982

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14346045  Numsec = 181004355
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
Done!
Infected: c:\Documents and Settings\Tim\Application Data\dmdpn.dll --> [iPH.Trojan.Medfos.ADRM3]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dmdpn --> [iPH.Trojan.Medfos.ADRM3]
Infected: c:\Documents and Settings\Tim\Application Data\urylap.dll --> [iPH.Trojan.Medfos.ADRM3]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|urylap --> [iPH.Trojan.Medfos.ADRM3]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\googleupdate.exe --> [Trojan.0Access]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug --> [Trojan.0Access]
Infected: c:\Documents and Settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5\38E67D37F1FADA74000038E64455DEA5.exe --> [Trojan.Genpack.SRE]
Infected: c:\Documents and Settings\Tim\Local Settings\Temp\~!#53.tmp --> [Trojan.Genpack.SRE]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙ --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f} --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\@ --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\L --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\U --> [Trojan.0Access]
Infected: c:\Documents and Settings\Tim\Local Settings\Application Data\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\@ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\l --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\u --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\u\00000001.@ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\u\80000000.@ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\u\800000cb.@ --> [Trojan.0Access]
Infected: c:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_14346045_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.989000 GHz
Memory total: 1004781568, free: 794353664

Initializing...
------------ Kernel report ------------
     08/10/2013 17:18:20
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\yk51x86.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff857d6ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff85775940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff857d6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8573abb0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff857d6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff857839e8, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85775940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8F6105D

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14345982

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14346045  Numsec = 181004355
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
Done!
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \    --> [Trojan.0Access]
Infected: c:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_14346045_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.989000 GHz
Memory total: 1004781568, free: 794542080

Initializing...
------------ Kernel report ------------
     08/10/2013 17:40:25
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\yk51x86.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85775ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8578a940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85775ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85759990, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85775ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff857cb9e8, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8578a940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8F6105D

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14345982

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14346045  Numsec = 181004355
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_14346045_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

 

 

________________

 

The final mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.07.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: TIMBULGER [administrator]

8/10/2013 5:40:38 PM
mbar-log-2013-08-10 (17-40-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 235650
Time elapsed: 13 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

_________

_________________-

 

 

I am having a bit of trouble disabling symantec antivirus corporate edition.  I have symantic AV, but I find no corporate edition on my machine.  Combofix is picking up that the SAVCE is active.  I have disabled all the SAV autoprotect features.  I am at a loss here.  The version I have is 2005 Symantec AntiVirus Full version:  10.0.1.1000.

Link to post
Share on other sites

Combo fix report:

 

ComboFix 13-08-09.02 - Administrator 08/10/2013  20:00:56.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.697 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\vlc-1.0.3-win32.exe
c:\documents and settings\Tim\WINDOWS
c:\program files\CouponAlert_2pEI
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-10 17:38 . 2013-08-10 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-08-10 17:36 . 2013-08-10 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-10 17:36 . 2013-08-10 17:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-10 17:07 . 2013-08-10 17:07 -------- d-----w- c:\documents and settings\Administrator
2013-08-10 12:56 . 2013-08-10 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 03:55 . 2009-02-04 19:01 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2001-08-23 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2001-08-23 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-06-03 15:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"(cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-08-07 1563448]
"A0"="c:\documents and settings\Administrator\Desktop\mbar\mbar.exe" [2013-08-07 770872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/10/2013 1:36 PM 35144]
S2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [7/12/2013 8:55 AM 106656]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.

FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-mbamchameleon
AddRemove-KeynoteConnector - c:\windows\DOWNLO~1\CONNEC~2.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-10 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
Binary file temp00 matches
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-08-10  20:08:33
ComboFix-quarantined-files.txt  2013-08-11 00:08
.
Pre-Run: 60,482,895,872 bytes free
Post-Run: 62,703,190,016 bytes free
.
- - End Of File - - 42501DE7C1856EF6B0296E6C66CB3388
8F558EB6672622401DA993E1E865C861
 

____________________

 

checkup report:

 

 Results of screen317's Security Check version 0.99.72 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Disabled! 
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
S
y
m
a
n
t
e
c
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
C
o
r
p
o
r
a
t
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Cavaj Java Decompiler  
 Java 6 Update 24 
 Java version out of Date!
 Adobe Flash Player  11.1.102.55 
 Adobe Reader 10.1.0 Adobe Reader out of Date! 
 Mozilla Firefox (4.0.1)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

You didn't install the Recovery Console. It's important that you do, because if things go south at some point while we're removing malware, that's your ticket out.

 

Re-run ComboFix but allow it to install the Recovery Console this time.

Link to post
Share on other sites

New combofix log:

 

ComboFix 13-08-09.02 - Administrator 08/10/2013  22:33:33.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.761 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-10 17:36 . 2013-08-10 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-10 17:36 . 2013-08-10 17:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-10 17:07 . 2013-08-11 01:23 -------- d-----w- c:\documents and settings\Administrator
2013-08-10 12:56 . 2013-08-10 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 03:55 . 2009-02-04 19:01 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2001-08-23 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2001-08-23 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-06-03 15:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/10/2013 1:36 PM 35144]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 156.154.119.11 156.154.129.11

FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\
FF - prefs.js: browser.search.selectedEngine - Search Results


FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-08-10 08:58; {8210c391-01bc-11e3-8277-b8ac6f996f26}; c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\extensions\{8210c391-01bc-11e3-8277-b8ac6f996f26}.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-10 22:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
Binary file temp00 matches
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-08-10  22:41:03
ComboFix-quarantined-files.txt  2013-08-11 02:41
ComboFix2.txt  2013-08-11 00:08
.
Pre-Run: 62,634,778,624 bytes free
Post-Run: 62,642,946,048 bytes free
.
- - End Of File - - 640A1CA0D56790ACF572536AE52FC9A8
8F558EB6672622401DA993E1E865C861
 

Link to post
Share on other sites

We're making progress. :)

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

Link to post
Share on other sites

ADwcleaner logfile:

 

# AdwCleaner v2.306 - Logfile created 08/10/2013 at 23:02:21
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - TIMBULGER
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

Found : WajamUpdater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
Folder Found : C:\Documents and Settings\Administrator\Start Menu\Programs\Wajam
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Found : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
Folder Found : C:\Documents and Settings\Tim\Application Data\DriverCure
Folder Found : C:\Documents and Settings\Tim\Application Data\searchquband
Folder Found : C:\Documents and Settings\Tim\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Program Files\PC Optimizer Pro
Folder Found : C:\Program Files\Wajam

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\Software\pc optimizer pro
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [4215 octets] - [10/08/2013 23:02:21]

########## EOF - C:\AdwCleaner[R1].txt - [4275 octets] ##########

 

 

_________________

 

JRT logfile:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.1 (08.10.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sat 08/10/2013 at 23:05:37.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] wajamupdater
Successfully deleted: [service] wajamupdater

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\consumer input"
Failed to delete: [Folder] "C:\Program Files\pc optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\start menu\programs\wajam"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/10/2013 at 23:07:57.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

_____________________

 

OTL logfile:

 

OTL logfile created on: 8/10/2013 11:09:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.23 Mb Total Physical Memory | 602.32 Mb Available Physical Memory | 62.86% Memory free
2.26 Gb Paging File | 2.10 Gb Available in Paging File | 92.69% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 58.28 Gb Free Space | 67.52% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.92% Space Free | Partition Type: FAT32
 
Computer Name: TIMBULGER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/10 23:09:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/03/05 03:00:08 | 013,713,688 | ---- | M] (Xportsoft Technologies) -- C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \???\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe <] -- (‮etadpug)
SRV - [2009/02/05 11:50:12 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/23 20:27:30 | 000,124,608 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 20:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 20:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 10:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 10:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 10:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 13:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tim\Desktop\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/10 13:36:25 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/17 04:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130708.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/17 04:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130708.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/02/14 11:01:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/05/13 20:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/28 22:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/22 13:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/22 13:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/20 22:46:42 | 000,350,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/20 22:45:48 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/04/18 08:26:00 | 000,230,912 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/25 15:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 15:26:32 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/01/25 15:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/05/08 11:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130832,20029,0,8,0
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\..\SearchScopes\{05850CFC-C608-4F71-8709-B64C28660600}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130832,20028,0,8,0
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1275210071-2000478354-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tim\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/03 11:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 23:05:32 | 000,000,000 | ---D | M]
 
[2012/09/03 12:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/11 23:05:30 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/20 20:29:04 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
O1 HOSTS File: ([2013/08/10 22:39:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-2000478354-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B37CDD-C61E-413D-97C1-DB6F71B54E5A}: DhcpNameServer = 156.154.119.11 156.154.129.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/04 14:12:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/10 23:09:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/08/10 23:05:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/10 23:05:17 | 000,958,418 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2013/08/10 23:00:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/10 22:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\7-Zip
[2013/08/10 22:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
[2013/08/10 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/10 22:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/08/10 22:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/08/10 22:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2013/08/10 22:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/08/10 21:24:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/10 21:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/08/10 21:23:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2013/08/10 18:20:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/10 18:20:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/10 18:20:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/10 18:20:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/10 18:06:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/10 18:06:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2013/08/10 18:06:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/08/10 18:06:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/08/10 18:06:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2013/08/10 18:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/10 18:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2013/08/10 17:17:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/08/10 16:34:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/08/10 13:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/10 13:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mbar
[2013/08/10 13:31:20 | 005,102,523 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/08/10 13:31:15 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/08/10 13:31:14 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Administrator\Desktop\mbar-1.06.1.1005.exe
[2013/08/10 13:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/08/10 13:07:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/08/10 13:07:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/08/10 13:07:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/08/10 13:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/08/10 13:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/08/10 13:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/08/10 13:07:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/08/10 13:07:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/08/10 13:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/08/10 13:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/08/10 13:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/08/10 13:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/08/10 13:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/08/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/08/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/08/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/08/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/08/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/08/10 09:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/08/10 08:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/10 23:09:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/08/10 23:05:21 | 000,958,418 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2013/08/10 23:02:15 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/08/10 22:58:11 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Scan.job
[2013/08/10 22:58:08 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2013/08/10 22:58:08 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2013/08/10 22:39:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/10 22:30:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/10 22:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/10 21:24:59 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2013/08/10 13:36:25 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/10 13:15:26 | 000,891,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/08/10 13:15:00 | 005,102,523 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/08/10 13:12:38 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Administrator\Desktop\mbar-1.06.1.1005.exe
[2013/08/10 13:07:04 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/08/02 10:45:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/16 14:42:47 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/16 11:05:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/16 10:56:16 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/16 10:56:16 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/10 23:02:07 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/08/10 22:58:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro Scan.job
[2013/08/10 22:58:08 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2013/08/10 22:58:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2013/08/10 21:24:59 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2013/08/10 21:24:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/10 18:20:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/10 18:20:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/10 18:20:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/10 18:20:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/10 18:20:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/10 13:36:25 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/10 13:31:14 | 000,891,115 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/08/10 13:07:38 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/08/10 13:07:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/02/22 16:35:31 | 000,056,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/14 23:40:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/07 20:05:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011/09/07 20:03:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/09/07 20:03:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
 
========== ZeroAccess Check ==========
 
[2009/02/04 17:00:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

______________________

 

Extras logfile: 

 

OTL Extras logfile created on: 8/10/2013 11:09:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.23 Mb Total Physical Memory | 602.32 Mb Available Physical Memory | 62.86% Memory free
2.26 Gb Paging File | 2.10 Gb Available in Paging File | 92.69% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 58.28 Gb Free Space | 67.52% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.92% Space Free | Partition Type: FAT32
 
Computer Name: TIMBULGER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Cavaj Java Decompiler" = Cavaj Java Decompiler
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FreeWAVToMP3Converter" = Free WAV To MP3 Converter 2.1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"KeynoteConnector" = Keynote Connector
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"PC Optimizer Pro" = PC Optimizer Pro
"Pdf995" = Pdf995
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"Wajam" = Wajam
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/2/2013 11:11:47 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21328
 
Error - 8/2/2013 11:12:08 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/2/2013 11:12:08 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 43250
 
Error - 8/2/2013 11:12:08 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 43250
 
Error - 8/9/2013 10:20:15 PM | Computer Name = TIMBULGER | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
 hpwucli.exe, version 5.0.8.1, fault address 0x00004607.
 
Error - 8/9/2013 10:20:23 PM | Computer Name = TIMBULGER | Source = Application Error | ID = 1001
Description = Fault bucket 1415223371.
 
Error - 8/10/2013 9:13:23 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/10/2013 9:13:23 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 862235
 
Error - 8/10/2013 9:13:23 AM | Computer Name = TIMBULGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 862235
 
Error - 8/10/2013 10:28:32 PM | Computer Name = TIMBULGER | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
[ System Events ]
Error - 8/10/2013 8:13:59 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 8/10/2013 9:22:54 PM | Computer Name = TIMBULGER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the  Network Card with network address 00E0B88DE0CA.
 
Error - 8/10/2013 10:07:05 PM | Computer Name = TIMBULGER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 8/10/2013 10:28:32 PM | Computer Name = TIMBULGER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 8/10/2013 10:30:51 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
 arguments ""  in order to run the server:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8/10/2013 10:31:06 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 8/10/2013 10:32:15 PM | Computer Name = TIMBULGER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AmdK8  eeCtrl  Fips  SAVRT  SAVRTPEL  SYMTDI
 
Error - 8/10/2013 10:41:58 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 8/10/2013 10:57:40 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
 arguments ""  in order to run the server:  {000C101C-0000-0000-C000-000000000046}
 
Error - 8/10/2013 11:08:10 PM | Computer Name = TIMBULGER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
 

__________________________

 

With regard to the ESET scan, at the 'check scan archives' and 'click start button'....there is no start button.  It seems as though the pop up window is set to a certain size and when I expand the window, it only shows blue where the expanded sections should be.

Link to post
Share on other sites

The ESETscan:

 

C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\10\67dec4ca-15183ad6 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\10\7c88068a-211e9c33 Java/Agent.BV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\32\6a5b2be0-402a8636 a variant of Java/TrojanDownloader.OpenConnection.MU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\35\6e9ba0e3-3aa40378 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\38\49ba2326-2c568086 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\44\30c80c6c-7b32d9ec multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\44\38e63bec-23b71cf7 Java/Agent.BV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\51\4c81ed73-67a1c6d9 probably a variant of Java/Agent.BR trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\56\5ad4b738-604310b2 Java/Agent.BV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Application Data\Sun\Java\Deployment\cache\6.0\6\4ed4f7c6-595dde63 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tim\Local Settings\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tim\My Documents\Downloads\FreeWAVToMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined

Link to post
Share on other sites

Still have a little more to do, but we're nearly there.

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.

    :OTL
    [2009/02/04 17:00:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \???\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe <] -- (‮etadpug)


    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

Link to post
Share on other sites

OTL logfile:

 

All processes killed
========== OTL ==========
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\WINDOWS\002239_.tmp deleted successfully.
C:\WINDOWS\005311_.tmp deleted successfully.
C:\WINDOWS\DUMPac8b.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
Service ‮etadpug stopped successfully!
Service ‮etadpug deleted successfully!
File C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \‮ﯹ๛\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\   \   \???\{a7a7ba0d-7afb-6b34-f76f-441dcad8597f}\GoogleUpdate.exe <] not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 3539640 bytes
->Temporary Internet Files folder emptied: 4613713 bytes
->Flash cache emptied: 56924 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Tim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 743939025 bytes
->Java cache emptied: 4728615 bytes
->FireFox cache emptied: 87640404 bytes
->Flash cache emptied: 23741 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2184320 bytes
 
Total Files Cleaned = 808.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Tim
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Tim
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08112013_133204
 

 

 

 

_________________________________

 

 

 

adwcleaner logfile:

 

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 13:53:05
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - TIMBULGER
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\Tim\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Tim\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Tim\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\PC Optimizer Pro

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6774 octets] - [10/08/2013 23:02:21]
AdwCleaner[s1].txt - [2411 octets] - [11/08/2013 13:53:05]

########## EOF - C:\AdwCleaner[s1].txt - [2471 octets] ##########

Link to post
Share on other sites

new combofix log:

 

ComboFix 13-08-11.02 - Administrator 08/11/2013  14:35:27.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.750 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 17:32 . 2013-08-11 17:32 -------- d-----w- C:\_OTL
2013-08-11 03:18 . 2013-08-11 03:18 -------- d-----w- c:\program files\ESET
2013-08-11 03:05 . 2013-08-11 03:05 -------- d-----w- c:\windows\ERUNT
2013-08-11 02:57 . 2013-08-11 02:57 -------- d-----w- c:\program files\7-Zip
2013-08-11 02:57 . 2013-08-11 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-08-10 17:36 . 2013-08-10 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-10 17:36 . 2013-08-10 17:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-10 17:07 . 2013-08-11 01:23 -------- d-----w- c:\documents and settings\Administrator
2013-08-10 12:56 . 2013-08-10 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 03:55 . 2009-02-04 19:01 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2001-08-23 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2001-08-23 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-06-03 15:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/10/2013 1:36 PM 35144]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 156.154.119.11 156.154.129.11

FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\
FF - prefs.js: browser.search.selectedEngine - Search Results


FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-08-10 08:58; {8210c391-01bc-11e3-8277-b8ac6f996f26}; c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\extensions\{8210c391-01bc-11e3-8277-b8ac6f996f26}.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 14:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-2000478354-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d5,8d,3a,e4,79,d1,4c,9e,ae,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d5,8d,3a,e4,79,d1,4c,9e,ae,94,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. e*t*a*d*p*u*g*\Security]
"Security"=hex:01,00,14,80,5c,00,00,00,68,00,00,00,14,00,00,00,30,00,00,00,02,
   00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-08-11  14:42:54
ComboFix-quarantined-files.txt  2013-08-11 18:42
ComboFix2.txt  2013-08-11 02:41
ComboFix3.txt  2013-08-11 00:08
.
Pre-Run: 63,220,961,280 bytes free
Post-Run: 63,236,726,784 bytes free
.
- - End Of File - - 76AFC6FD4FBE6F1C4060EFE5BA660C47
8F558EB6672622401DA993E1E865C861
 

Link to post
Share on other sites

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

 

Folder::
C:\Program Files\Google\Desktop

 

Reboot::



Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now
 
Link to post
Share on other sites

new combofix logfile:

 

ComboFix 13-08-11.02 - Administrator 08/11/2013  15:03:42.2.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.673 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 17:32 . 2013-08-11 17:32 -------- d-----w- C:\_OTL
2013-08-11 03:18 . 2013-08-11 03:18 -------- d-----w- c:\program files\ESET
2013-08-11 03:05 . 2013-08-11 03:05 -------- d-----w- c:\windows\ERUNT
2013-08-11 02:57 . 2013-08-11 02:57 -------- d-----w- c:\program files\7-Zip
2013-08-11 02:57 . 2013-08-11 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-08-10 17:36 . 2013-08-10 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-10 17:36 . 2013-08-10 17:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-10 17:07 . 2013-08-11 01:23 -------- d-----w- c:\documents and settings\Administrator
2013-08-10 12:56 . 2013-08-10 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\38E67D37F1FADA74000038E64455DEA5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 03:55 . 2009-02-04 19:01 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2001-08-23 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2001-08-23 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-06-03 15:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/10/2013 1:36 PM 35144]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 156.154.119.11 156.154.129.11

FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\
FF - prefs.js: browser.search.selectedEngine - Search Results


FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-08-10 08:58; {8210c391-01bc-11e3-8277-b8ac6f996f26}; c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\u2npmhuw.default\extensions\{8210c391-01bc-11e3-8277-b8ac6f996f26}.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 15:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-2000478354-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d5,8d,3a,e4,79,d1,4c,9e,ae,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d5,8d,3a,e4,79,d1,4c,9e,ae,94,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. e*t*a*d*p*u*g*\Security]
"Security"=hex:01,00,14,80,5c,00,00,00,68,00,00,00,14,00,00,00,30,00,00,00,02,
   00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-08-11  15:14:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-11 19:14
ComboFix2.txt  2013-08-11 18:42
ComboFix3.txt  2013-08-11 02:41
ComboFix4.txt  2013-08-11 00:08
.
Pre-Run: 63,237,152,768 bytes free
Post-Run: 63,235,969,024 bytes free
.
- - End Of File - - 5F9F263B91ADE80F4A98579781901755
8F558EB6672622401DA993E1E865C861
 

Link to post
Share on other sites

Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

 

---------

 

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

 

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://java.com/en/download/index.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).  
They will have this icon next to them:  javaicon.gif
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

 

---------

 

Please let me know how the updates went, as failed updates may be due to malware.

Link to post
Share on other sites

Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.


-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available


A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.


---------------------------------------------------------



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:
paypal.gif
Every little bit helps. smile.png

-DFB
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.