
Computer shuts down by itself


BeatBoy

Hello, computer shuts down by itself after being on like two hours or something. Here is the DDS log...

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.25.2
Run by Annukka at 18:51:34 on 2013-09-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.243 [GMT 3:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.





BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:1073741823
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.


TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{22DE070B-39DD-4A46-9E6C-8484CD35FD86} : DHCPNameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{76C9DBCC-52FB-4537-B079-4EA0819D7674} : DHCPNameServer = 192.168.0.254
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\annukka\application data\mozilla\firefox\profiles\vr6shw64.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-12-20 15:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2013-8-27 704800]
R1 Znf;Znf;c:\windows\system32\drivers\znf.sys [2013-5-26 49992]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2011-10-6 84136]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-11-9 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-11-9 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-11-9 73216]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\annukka\my documents\lataukset\saskutil.sys --> c:\documents and settings\annukka\my documents\lataukset\SASKUTIL.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2011-11-9 655712]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-11-9 102784]
S3 zsc;zsc;c:\windows\system32\drivers\zsc.sys [2013-5-26 78336]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-5-23 260992]
.
=============== Created Last 30 ================
.
2013-09-15 10:12:09    --------    d-----w-    c:\program files\Core Temp
2013-09-15 10:08:32    --------    d-----w-    c:\documents and settings\all users\application data\APN
2013-09-14 06:37:53    --------    d-----w-    c:\program files\SpeedFan
2013-09-10 14:00:23    64000    ----a-w-    c:\windows\system32\ECBTEG.DLL
2013-09-10 14:00:23    34304    ----a-w-    c:\windows\system32\EBPCHP.DLL
2013-09-10 14:00:21    98304    ----a-w-    c:\windows\system32\E_SAGSET.DLL
2013-09-10 14:00:21    79622    ----a-w-    c:\windows\system32\EBPMON24.DLL
2013-09-10 14:00:00    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2013-09-10 14:00:00    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2013-09-10 13:54:58    --------    d-----w-    c:\program files\EPSON
2013-09-10 13:54:42    --------    d-----w-    C:\epson
2013-09-03 13:53:52    187248    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-09-03 13:53:52    187248    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-28 06:26:05    --------    d-----w-    c:\documents and settings\annukka\application data\FRISK Software
2013-08-27 15:21:20    704800    ----a-w-    c:\windows\system32\drivers\FStopW.sys
2013-08-27 15:21:11    --------    d-----w-    c:\documents and settings\all users\application data\FRISK Software
2013-08-27 15:21:08    --------    d-----w-    c:\program files\FRISK Software
.
==================== Find3M  ====================
.
2013-09-13 12:27:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 12:27:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-01 04:17:51    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17:51    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17:50    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01:18    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-31 19:52:44    901808    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-06 09:15:12    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-06 09:15:01    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-06 09:14:58    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 09:14:57    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-04 02:59:11    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 18:53:13,06 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16.12.2010 9:05:26
System Uptime: 20.9.2013 18:36:04 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS |  | AMILO Pa 1510
Processor: Mobile AMD Sempron Processor 3200+ | Socket M2/S1G1 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 19,551 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5975&SUBSYS_10B81734&REV_00\4&2C0D4F31&0&2808
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5975&SUBSYS_10B81734&REV_00\4&2C0D4F31&0&2808
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_10B81734&REV_83\3&13C0B0C5&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_10B81734&REV_83\3&13C0B0C5&0&A0
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_17340000&REV_1007\4&22F7A6FE&0&0001
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_17340000&REV_1007\4&22F7A6FE&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&FCF0450&0&18A4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&FCF0450&0&18A4
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10B81734&REV_01\4&FCF0450&0&23A4
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10B81734&REV_01\4&FCF0450&0&23A4
Service:
.
==== System Restore Points ===================
.
RP537: 22.8.2013 18:17:30 - System Checkpoint
RP538: 25.8.2013 16:35:44 - System Checkpoint
RP539: 27.8.2013 11:41:02 - System Checkpoint
RP540: 27.8.2013 18:21:06 - Installed F-PROT Antivirus for Windows
RP541: 27.8.2013 18:28:00 - Removed Sophos Virus Removal Tool.
RP542: 28.8.2013 19:02:37 - System Checkpoint
RP543: 28.8.2013 21:42:43 - Software Distribution Service 3.0
RP544: 30.8.2013 11:39:52 - System Checkpoint
RP545: 31.8.2013 13:08:20 - System Checkpoint
RP546: 2.9.2013 9:19:46 - System Checkpoint
RP547: 3.9.2013 10:05:58 - System Checkpoint
RP548: 4.9.2013 11:34:13 - System Checkpoint
RP549: 5.9.2013 11:53:11 - System Checkpoint
RP550: 7.9.2013 15:04:22 - System Checkpoint
RP551: 8.9.2013 15:39:40 - System Checkpoint
RP552: 9.9.2013 16:27:58 - System Checkpoint
RP553: 11.9.2013 12:17:28 - System Checkpoint
RP554: 12.9.2013 9:30:32 - Software Distribution Service 3.0
RP555: 13.9.2013 11:08:25 - System Checkpoint
RP556: 14.9.2013 11:37:05 - System Checkpoint
RP557: 15.9.2013 12:09:47 - System Checkpoint
RP558: 16.9.2013 12:50:03 - System Checkpoint
RP559: 18.9.2013 13:08:56 - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Reader X (10.1.8) - Suomi
ALShow 2.01
ALTools Update
ApexDC++ 1.5.6
Apple Mobile Device Support
Apple Software Update
Applen ohjelmatuki
Ares 2.1.7
Ashampoo Burning Studio 6 FREE
Bonjour
Casino.com
CCleaner
Core Temp 1.0 RC5
EPSON Printer Software
F-PROT Antivirus for Windows
FileAlyzer 2
FrostWire 5.2.11
GearDrvs
Glary Utilities 2.55.0.1790
Google Chrome
Google Update Helper
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
iTunes
Java 7 Update 25
Java Auto Updater
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mobile Partner
Mozilla Firefox 23.0.1 (x86 fi)
Mozilla Maintenance Service
MWSnap 3
Paint.NET v3.5.10
Picasa 3
Puran Utilities 2.0
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834903-v2)
Security Update for Windows Media Player (KB2834903)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SpeedFan (remove only)
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
Wondershare DVD Creator(Build 2.6.5)
Zodiac-kasino
.
==== Event Viewer Messages From Past Week ========
.
16.9.2013 15:41:19, error: Dhcp [1002]  - The IP address lease 188.67.188.161 for the Network Card with network address 001E101F648E has been denied by the DHCP server 87.95.125.134 (The DHCP Server sent a DHCPNACK message).
15.9.2013 8:53:15, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
15.9.2013 16:09:13, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASKUTIL SBRE
15.9.2013 16:09:13, error: Service Control Manager [7009]  - Timeout (60000 milliseconds) waiting for the Mobile Partner. OUC service to connect.
15.9.2013 16:09:13, error: Service Control Manager [7000]  - The SAS Core Service service failed to start due to the following error:  The system cannot find the file specified.
15.9.2013 16:09:13, error: Service Control Manager [7000]  - The Mobile Partner. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
15.9.2013 13:01:24, error: Dhcp [1002]  - The IP address lease 87.93.148.61 for the Network Card with network address 001E101F34AD has been denied by the DHCP server 188.67.201.14 (The DHCP Server sent a DHCPNACK message).
15.9.2013 12:30:25, error: Dhcp [1002]  - The IP address lease 188.67.245.188 for the Network Card with network address 001E101F2D19 has been denied by the DHCP server 87.93.148.62 (The DHCP Server sent a DHCPNACK message).
15.9.2013 10:40:44, error: Dhcp [1002]  - The IP address lease 188.67.52.112 for the Network Card with network address 001E101F2A27 has been denied by the DHCP server 188.67.245.185 (The DHCP Server sent a DHCPNACK message).
13.9.2013 18:11:18, error: Dhcp [1002]  - The IP address lease 87.95.44.152 for the Network Card with network address 001E101F3534 has been denied by the DHCP server 188.67.39.65 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 


  • Staff

Please run the following:

Download ComboFix from the following location:

Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
cfRC_screen_2.png
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Hello and thanks for helping me! Here is the log...

 

ComboFix 13-09-19.01 - Annukka 21.09.2013   8:24.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.505 [GMT 3:00]
Running from: c:\documents and settings\Annukka\Desktop\ComboFix.exe
AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-21 to 2013-09-21  )))))))))))))))))))))))))))))))
.
.
2013-09-20 16:27 . 2013-09-20 16:27    3723656    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-09-20 16:00 . 2013-09-20 16:00    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-09-20 16:00 . 2013-04-04 11:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-15 10:12 . 2013-09-15 10:15    --------    d-----w-    c:\program files\Core Temp
2013-09-15 10:08 . 2013-09-15 10:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\APN
2013-09-14 06:37 . 2013-09-16 12:20    --------    d-----w-    c:\program files\SpeedFan
2013-09-10 14:00 . 2003-05-20 23:27    64000    ----a-w-    c:\windows\system32\ECBTEG.DLL
2013-09-10 14:00 . 2000-06-06 22:01    34304    ----a-w-    c:\windows\system32\EBPCHP.DLL
2013-09-10 14:00 . 2004-05-21 02:04    79622    ----a-w-    c:\windows\system32\EBPMON24.DLL
2013-09-10 14:00 . 2004-02-17 22:10    98304    ----a-w-    c:\windows\system32\E_SAGSET.DLL
2013-09-10 14:00 . 2008-04-13 17:47    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2013-09-10 14:00 . 2008-04-13 17:47    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2013-09-10 13:54 . 2013-09-10 13:54    --------    d-----w-    c:\program files\EPSON
2013-09-10 13:54 . 2013-09-10 13:54    --------    d-----w-    C:\epson
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-08-28 06:26 . 2013-08-28 06:26    --------    d-----w-    c:\documents and settings\Annukka\Application Data\FRISK Software
2013-08-27 15:21 . 2011-11-11 07:24    704800    ----a-w-    c:\windows\system32\drivers\FStopW.sys
2013-08-27 15:21 . 2013-08-27 15:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\FRISK Software
2013-08-27 15:21 . 2013-08-27 15:21    --------    d-----w-    c:\program files\FRISK Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 16:27 . 2012-03-29 08:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 16:27 . 2012-03-29 08:40    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56 . 2004-08-03 13:56    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27 . 2004-08-03 12:17    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30 . 2004-08-03 13:56    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-01 04:17 . 2004-08-03 13:56    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17 . 2004-08-03 11:59    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17 . 2004-08-03 13:56    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01 . 2004-08-03 11:59    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-31 19:52 . 2004-08-03 13:56    901808    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2004-08-03 13:56    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-06 09:15 . 2013-07-06 09:15    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-06 09:15 . 2013-07-06 09:15    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-06 09:14 . 2012-03-29 08:45    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 09:14 . 2011-01-25 14:18    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-04 02:59 . 2004-08-03 12:20    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" [2003-09-10 99840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" [2003-09-10 99840]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\AV-CLS\\WGET.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
.
R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [27.8.2013 18:21 704800]
R1 Znf;Znf;c:\windows\system32\drivers\znf.sys [26.5.2013 13:55 49992]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [6.10.2011 12:24 84136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [10.12.2010 15:29 92008]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [9.11.2011 19:34 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [9.11.2011 19:34 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [9.11.2011 19:34 73216]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Annukka\My Documents\Lataukset\SASKUTIL.SYS --> c:\documents and settings\Annukka\My Documents\Lataukset\SASKUTIL.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.3.2011 18:27 271712]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [9.11.2011 19:34 655712]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [9.11.2011 19:34 102784]
S3 zsc;zsc;c:\windows\system32\drivers\zsc.sys [26.5.2013 13:55 78336]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [23.5.2013 16:57 260992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-10 05:31    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:27]
.
2013-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]
.
2013-09-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-27 12:39]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 08:47]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 08:47]
.
.
------- Supplementary Scan -------
.



uInternet Settings,ProxyOverride = *.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Annukka\Application Data\Mozilla\Firefox\Profiles\vr6shw64.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi

FF - ExtSQL: !HIDDEN! 2010-12-20 15:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-21 08:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??????????H????????????IB~?????????????????????????????????????JB~????????????3???8?????????????C~??????????????C~???????????????|???????
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-09-21  08:33:54
ComboFix-quarantined-files.txt  2013-09-21 05:33
.
Pre-Run: 20 930 871 296 bytes free
Post-Run: 20 965 994 496 bytes free
.
- - End Of File - - 1A3AA09D629FDAE2C53DF8EA93139D96
8F558EB6672622401DA993E1E865C861
 


  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Clean
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Here are the JRT, AdwCleaner and MBAM logs. The computer shut down during the ESET scan, so I will have to let this computer rest and cool a little bit and I will then post that log... The computer fan should be working though, because I checked that it's rolling even though SpeedFan seems not to find the fan...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Annukka on la 21.09.2013 at 17:07:29,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C4DF2914-52B4-42BD-8890-90EC3EAE7508}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C4DF2914-52B4-42BD-8890-90EC3EAE7508}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Program Files\Common Files\wondershare"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Annukka\Application Data\mozilla\firefox\profiles\vr6shw64.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Documents and Settings\Annukka\Application Data\mozilla\firefox\profiles\vr6shw64.default\prefs.js







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on la 21.09.2013 at 17:11:55,12
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.004 - Report created 21/09/2013 at 17:15:38
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Annukka - COMPUTER-106A68
# Running from : C:\Documents and Settings\Annukka\desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (fi)

[ File : C:\Documents and Settings\Annukka\Application Data\Mozilla\Firefox\Profiles\vr6shw64.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Documents and Settings\Annukka\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1404 octets] - [21/09/2013 17:14:58]
AdwCleaner[s0].txt - [1333 octets] - [21/09/2013 17:15:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1393 octets] ##########
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Tietokantaversio: v2013.09.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Annukka :: COMPUTER-106A68 [järjestelmänvalvoja]

21.9.2013 17:20:28
mbam-log-2013-09-21 (17-20-28).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 189305
Kulunut aika: 5 minuutti(a), 25 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 2
C:\Documents and Settings\Annukka\Local Settings\temp\6T0JeYlf.exe.part (PUP.Optional.Amonetize.A) -> Toimintoja ei suoritettu.
C:\Documents and Settings\Annukka\Local Settings\temp\X2HWVGNv.exe.part (PUP.Optional.Amonetize.A) -> Toimintoja ei suoritettu.

(loppu)
 

Yesterday MBAM did not find that thing but today it did, that's strange...


They are in your temp directory, which if you emptied your temp directories, browser history etc. they will be gone,

or select those files for deletion and then let MBAM remove them

 

I deleted those files with MBAM. I have now tried the ESET online scan 4 times, but the computer always shuts down when some 50% of the scan has passed. I don't know if it could be something other than a malware-related problem.


  • Staff

Could it be possible the machine is overheating? Check for dust and debris, check that the fans are not blocked.

Please try the following.

Please download Windows Repair (all in one) from here

  • Install the program then run it
  • Go to step 2 and allow it to run Disk check
  • Once that is done then go to step 3 and allow it to run SFC

  • On the Start Repairs tab => Click Start

  • Click on the select all check box and then click on Start
  • DON'T use the computer while each scan is in progress.
  • Restart may be needed to finish the repair procedure.

I will try that. I don't know about the SFC because I don't have the Windows CD anymore, but I could always cancel that part, I guess. This computer has now been on for two hours or something and I looked at the temperatures with SpeedFan: the core is 85 C, temp1 is 78 C and HD is 36 C... I looked at the fan and there was dust in it. I blew away some but I could not get it all out... Well, I have to see if it's worth fixing this computer anymore. Maybe it's already time to buy a new or old used one... I have to think about it. :)


Hello, I opened the computer and took off some more dust. Now it seems that the computer is no longer shutting down, at least for now. I succeeded in running the ESET online scan; it found 1 threat...

C:\Documents and Settings\Annukka\.frostwire5\updates\frostwire-5.5.1.windows.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
 

The temperatures have now stayed under 75 C. Do you think that there is some malware still in my computer? I will now run the Windows Repair. Thank you very much for helping me out! :)


  • Staff

I think it was more of a hardware issue for the shutdowns, so let's see how it behaves after the Windows Repair tool, then we'll get another diagnostic scan to make sure everything is clear.

Re-run the DDS tool and post the new log.

As for the ESET detection, delete that installer file if you no longer need it as it is bundled with adware.

In fact, I would recommend removing Frostwire altogether, we see most of the infections come in through peer to peer, torrents etc.


Hello, I ran the repairs and here are the new DDS logs...

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16.12.2010 9:05:26
System Uptime: 25.9.2013 8:35:29 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS |  | AMILO Pa 1510
Processor: Mobile AMD Sempron Processor 3200+ | Socket M2/S1G1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 18,139 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5975&SUBSYS_10B81734&REV_00\4&2C0D4F31&0&2808
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5975&SUBSYS_10B81734&REV_00\4&2C0D4F31&0&2808
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_10B81734&REV_83\3&13C0B0C5&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_10B81734&REV_83\3&13C0B0C5&0&A0
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_17340000&REV_1007\4&22F7A6FE&0&0001
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_17340000&REV_1007\4&22F7A6FE&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&FCF0450&0&18A4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&FCF0450&0&18A4
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10B81734&REV_01\4&FCF0450&0&23A4
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10B81734&REV_01\4&FCF0450&0&23A4
Service:
.
==== System Restore Points ===================
.
RP547: 3.9.2013 10:05:58 - System Checkpoint
RP548: 4.9.2013 11:34:13 - System Checkpoint
RP549: 5.9.2013 11:53:11 - System Checkpoint
RP550: 7.9.2013 15:04:22 - System Checkpoint
RP551: 8.9.2013 15:39:40 - System Checkpoint
RP552: 9.9.2013 16:27:58 - System Checkpoint
RP553: 11.9.2013 12:17:28 - System Checkpoint
RP554: 12.9.2013 9:30:32 - Software Distribution Service 3.0
RP555: 13.9.2013 11:08:25 - System Checkpoint
RP556: 14.9.2013 11:37:05 - System Checkpoint
RP557: 15.9.2013 12:09:47 - System Checkpoint
RP558: 16.9.2013 12:50:03 - System Checkpoint
RP559: 18.9.2013 13:08:56 - System Checkpoint
RP560: 20.9.2013 19:33:35 - System Checkpoint
RP561: 22.9.2013 9:11:32 - Removed F-PROT Antivirus for Windows
RP562: 23.9.2013 16:18:03 - System Checkpoint
RP563: 24.9.2013 16:43:13 - System Checkpoint
RP564: 25.9.2013 7:56:16 - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Reader X (10.1.8) - Suomi
ALShow 2.01
ALTools Update
ApexDC++ 1.5.6
Apple Mobile Device Support
Apple Software Update
Applen ohjelmatuki
Ares 2.1.7
Ashampoo Burning Studio 6 FREE
Bonjour
Casino.com
CCleaner
Core Temp 1.0 RC5
EPSON Printer Software
FileAlyzer 2
FrostWire 5.2.11
GearDrvs
Glary Utilities 2.55.0.1790
Google Chrome
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
iTunes
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mobile Partner
Mozilla Firefox 23.0.1 (x86 fi)
Mozilla Maintenance Service
MWSnap 3
Paint.NET v3.5.10
Picasa 3
Puran Utilities 2.0
Realtek High Definition Audio Driver
Ruby 1.8.7-p374
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834903-v2)
Security Update for Windows Media Player (KB2834903)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SpeedFan (remove only)
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
Tweaking.com - Windows Repair (All in One)
UnThreat Free AntiVirus 2013
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
Wondershare DVD Creator(Build 2.6.5)
Zodiac-kasino
.
==== Event Viewer Messages From Past Week ========
.
25.9.2013 8:37:24, error: Dhcp [1002]  - The IP address lease 188.67.55.149 for the Network Card with network address 001E101FC8C1 has been denied by the DHCP server 87.93.71.249 (The DHCP Server sent a DHCPNACK message).
23.9.2013 9:44:45, error: Dhcp [1002]  - The IP address lease 188.67.199.160 for the Network Card with network address 001E101F034E has been denied by the DHCP server 87.95.58.93 (The DHCP Server sent a DHCPNACK message).
23.9.2013 15:04:42, error: Dhcp [1002]  - The IP address lease 87.93.68.36 for the Network Card with network address 001E101F4C53 has been denied by the DHCP server 87.93.134.217 (The DHCP Server sent a DHCPNACK message).
23.9.2013 12:08:23, error: Dhcp [1002]  - The IP address lease 188.67.11.234 for the Network Card with network address 001E101F83F8 has been denied by the DHCP server 87.93.68.33 (The DHCP Server sent a DHCPNACK message).
23.9.2013 11:45:13, error: Dhcp [1002]  - The IP address lease 87.93.16.148 for the Network Card with network address 001E101F83F8 has been denied by the DHCP server 188.67.11.233 (The DHCP Server sent a DHCPNACK message).
23.9.2013 11:10:09, error: Dhcp [1002]  - The IP address lease 87.93.48.49 for the Network Card with network address 001E101FB9B7 has been denied by the DHCP server 87.93.16.145 (The DHCP Server sent a DHCPNACK message).
23.9.2013 10:22:15, error: Dhcp [1002]  - The IP address lease 87.95.58.94 for the Network Card with network address 001E101F5ADC has been denied by the DHCP server 87.93.48.50 (The DHCP Server sent a DHCPNACK message).
22.9.2013 9:14:08, error: Dhcp [1002]  - The IP address lease 87.93.91.216 for the Network Card with network address 001E101F3534 has been denied by the DHCP server 188.67.56.113 (The DHCP Server sent a DHCPNACK message).
22.9.2013 9:11:09, error: Dhcp [1002]  - The IP address lease 188.67.48.24 for the Network Card with network address 001E101F8891 has been denied by the DHCP server 87.93.91.209 (The DHCP Server sent a DHCPNACK message).
22.9.2013 9:10:03, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASKUTIL SBRE
22.9.2013 9:09:48, error: Service Control Manager [7009]  - Timeout (60000 milliseconds) waiting for the Mobile Partner. OUC service to connect.
22.9.2013 9:09:48, error: Service Control Manager [7000]  - The SAS Core Service service failed to start due to the following error:  The system cannot find the file specified.
22.9.2013 9:09:48, error: Service Control Manager [7000]  - The Mobile Partner. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
22.9.2013 11:50:44, error: Dhcp [1002]  - The IP address lease 188.67.79.62 for the Network Card with network address 001E101FAE32 has been denied by the DHCP server 188.67.64.181 (The DHCP Server sent a DHCPNACK message).
22.9.2013 10:53:32, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
22.9.2013 10:50:57, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips Processor SASKUTIL SBRE
22.9.2013 10:50:14, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22.9.2013 10:18:49, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.9.2013 10:17:40, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.9.2013 10:17:07, error: Service Control Manager [7034]  - The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).
22.9.2013 10:16:49, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
22.9.2013 10:16:46, error: Service Control Manager [7034]  - The iPod-palvelu service terminated unexpectedly.  It has done this 1 time(s).
22.9.2013 10:16:09, error: Dhcp [1002]  - The IP address lease 188.67.56.114 for the Network Card with network address 001E101FAA9F has been denied by the DHCP server 188.67.79.61 (The DHCP Server sent a DHCPNACK message).
21.9.2013 8:36:20, error: Dhcp [1002]  - The IP address lease 87.93.54.89 for the Network Card with network address 001E101F5224 has been denied by the DHCP server 188.67.200.125 (The DHCP Server sent a DHCPNACK message).
21.9.2013 8:22:02, error: Service Control Manager [7034]  - The HWDeviceService.exe service terminated unexpectedly.  It has done this 1 time(s).
21.9.2013 18:15:17, error: Dhcp [1002]  - The IP address lease 87.95.39.85 for the Network Card with network address 001E101FDB2E has been denied by the DHCP server 87.93.41.157 (The DHCP Server sent a DHCPNACK message).
21.9.2013 17:52:21, error: Dhcp [1002]  - The IP address lease 188.67.76.28 for the Network Card with network address 001E101F5224 has been denied by the DHCP server 87.95.39.86 (The DHCP Server sent a DHCPNACK message).
21.9.2013 17:17:59, error: Dhcp [1002]  - The IP address lease 87.93.120.65 for the Network Card with network address 001E101FBCAD has been denied by the DHCP server 188.67.76.25 (The DHCP Server sent a DHCPNACK message).
21.9.2013 17:08:05, error: Dhcp [1002]  - The IP address lease 87.93.14.220 for the Network Card with network address 001E101F7433 has been denied by the DHCP server 87.93.120.66 (The DHCP Server sent a DHCPNACK message).
21.9.2013 14:12:59, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
21.9.2013 14:03:58, error: Dhcp [1002]  - The IP address lease 188.67.0.151 for the Network Card with network address 001E101F77CE has been denied by the DHCP server 188.67.1.145 (The DHCP Server sent a DHCPNACK message).
21.9.2013 12:23:44, error: Dhcp [1002]  - The IP address lease 188.67.200.126 for the Network Card with network address 001E101F8E22 has been denied by the DHCP server 188.67.0.145 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.25.2
Run by Annukka at 8:42:31 on 2013-09-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.448 [GMT 3:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UnThreat AntiVirus\UnThreat.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UnThreat AntiVirus\utsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.





BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
mRun: [unThreat] "c:\program files\unthreat antivirus\UnThreat.exe" -silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.


TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{22DE070B-39DD-4A46-9E6C-8484CD35FD86} : DHCPNameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{76C9DBCC-52FB-4537-B079-4EA0819D7674} : DHCPNameServer = 192.168.0.254
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\annukka\application data\mozilla\firefox\profiles\vr6shw64.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-12-20 15:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2013-9-22 22064]
R1 Znf;Znf;c:\windows\system32\drivers\znf.sys [2013-5-26 49992]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-9-22 66344]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-11-9 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-11-9 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-11-9 73216]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\annukka\my documents\lataukset\saskutil.sys --> c:\documents and settings\annukka\my documents\lataukset\SASKUTIL.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2011-11-9 655712]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-11-9 102784]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-5-26 41584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys --> c:\windows\system32\drivers\sbhips.sys [?]
S3 zsc;zsc;c:\windows\system32\drivers\zsc.sys [2013-5-26 78336]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-5-23 260992]
.
=============== Created Last 30 ================
.
2013-09-25 05:27:41    --------    d-----w-    c:\windows\system32\CatRoot2
2013-09-25 04:56:22    --------    d-----w-    C:\RegBackup
2013-09-24 12:06:51    --------    d-----w-    C:\Ruby187
2013-09-24 12:05:24    --------    d-----w-    C:\New Folder
2013-09-23 09:05:00    --------    d-----w-    c:\program files\Tweaking.com
2013-09-22 08:57:17    --------    d-----w-    c:\documents and settings\all users\application data\UnThreat
2013-09-22 08:57:15    66344    ----a-w-    c:\windows\system32\drivers\sbapifs.sys
2013-09-22 08:57:15    22064    ----a-w-    c:\windows\system32\drivers\sbaphd.sys
2013-09-21 14:14:43    --------    d-----w-    C:\AdwCleaner
2013-09-21 14:05:01    --------    d-----w-    c:\windows\ERUNT
2013-09-20 16:27:50    3723656    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-09-20 16:00:21    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-20 16:00:21    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-09-15 10:12:09    --------    d-----w-    c:\program files\Core Temp
2013-09-14 06:37:53    --------    d-----w-    c:\program files\SpeedFan
2013-09-10 14:00:23    64000    ----a-w-    c:\windows\system32\ECBTEG.DLL
2013-09-10 14:00:23    34304    ----a-w-    c:\windows\system32\EBPCHP.DLL
2013-09-10 14:00:21    98304    ----a-w-    c:\windows\system32\E_SAGSET.DLL
2013-09-10 14:00:21    79622    ----a-w-    c:\windows\system32\EBPMON24.DLL
2013-09-10 14:00:00    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2013-09-10 14:00:00    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2013-09-10 13:54:58    --------    d-----w-    c:\program files\EPSON
2013-09-10 13:54:42    --------    d-----w-    C:\epson
2013-09-03 13:53:52    187248    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-09-03 13:53:52    187248    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-28 06:26:05    --------    d-----w-    c:\documents and settings\annukka\application data\FRISK Software
2013-08-27 15:21:11    --------    d-----w-    c:\documents and settings\all users\application data\FRISK Software
.
==================== Find3M  ====================
.
2013-09-20 16:27:56    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 16:27:56    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-01 04:17:51    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17:51    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17:50    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01:18    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-31 19:52:44    901808    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-06 09:15:12    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-06 09:15:01    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-06 09:14:58    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-06 09:14:57    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-04 02:59:11    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH:  8:44:49,12 ===============

 


  • Staff

very good,

we just have some housekeeping to do now, please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

Decline any additional installs that may be offered.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u40
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u40-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
You can delete the DDS, JRT and windows repair tool logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

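The ActiveX settings recommended in the post above are stored as per-zone registry values, so they can be checked without opening Internet Properties. The following is an added example, not part of the original thread: it assumes the standard URL action IDs 1001, 1004 and 1201 under the Internet zone key (`Zones\3`), and the `reg query` output it parses is constructed sample data.

```python
import re

# Real input would come from:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
# Constructed sample output (not from the thread): a weak configuration.
SAMPLE_WEAK = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1400    REG_DWORD    0x0
"""

# Constructed sample output matching the settings recommended in the post.
SAMPLE_HARDENED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x1
    1201    REG_DWORD    0x3
"""

# URL action ID -> (label, recommended policy value from the post).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}

# Policy value -> (name, strictness rank). 0 allows silently, 3 blocks.
STRICTNESS = {0: ("Enable", 0), 1: ("Prompt", 1), 3: ("Disable", 2)}

# Matches both tab-separated and space-separated reg.exe output.
DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_zone(values):
    """Compare zone values with the recommended ActiveX settings.

    Returns a list of (action_id, label, status, current_setting) tuples.
    A setting stricter than the recommendation (for example Disable where
    Prompt is asked for) counts as OK; a value absent from the key is
    reported as MISSING so it can be checked by hand.
    """
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            status, shown = "MISSING", "not set"
        elif actual not in STRICTNESS:
            status, shown = "UNKNOWN", hex(actual)
        else:
            shown, rank = STRICTNESS[actual]
            status = "OK" if rank >= STRICTNESS[wanted][1] else "WEAK"
        findings.append((action, label, status, shown))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(f"--- {name} sample ---")
        for action, label, status, shown in audit_zone(parse_reg_query(sample)):
            print(f"{status:8} {action}  {label}: {shown}")
```
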

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.