ibeenthere Posted October 1, 2013 ID:736582 Share Posted October 1, 2013 I get the following logs when I run DDS, Thanks for any help that can be provided. .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 1/3/2008 5:08:24 PMSystem Uptime: 10/1/2013 2:50:39 PM (1 hours ago).Motherboard: Dell Inc. | | Processor: Intel® Core2 Duo CPU T7700 @ 2.40GHz | Microprocessor | 790/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 181 GiB total, 82.095 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP832: 9/11/2013 11:24:44 AM - System CheckpointRP833: 9/12/2013 2:17:55 PM - Restore OperationRP834: 9/12/2013 2:19:57 PM - Restore OperationRP835: 9/13/2013 4:58:29 PM - System CheckpointRP836: 9/13/2013 7:14:33 PM - Software Distribution Service 3.0RP837: 9/14/2013 12:24:13 AM - Software Distribution Service 3.0RP838: 9/14/2013 11:18:51 AM - Software Distribution Service 3.0RP839: 9/15/2013 1:06:08 PM - System CheckpointRP840: 9/16/2013 6:17:40 PM - System CheckpointRP841: 9/18/2013 2:41:07 AM - Software Distribution Service 3.0RP842: 9/19/2013 3:35:33 PM - System CheckpointRP843: 9/19/2013 5:01:12 PM - Removed Empire Earth IIIRP844: 9/19/2013 8:42:20 PM - Removed Empire Earth - The Art of ConquestRP845: 9/19/2013 8:48:17 PM - Removed SPORE™RP846: 9/19/2013 8:51:02 PM - Removed Age of Empires IIIRP847: 9/21/2013 1:16:39 AM - System CheckpointRP848: 9/21/2013 11:07:43 PM - Installed Windows XP Wdf01009.RP849: 9/23/2013 1:37:21 PM - System CheckpointRP850: 9/25/2013 12:00:19 PM - System CheckpointRP851: 9/27/2013 4:50:11 PM - System CheckpointRP852: 9/28/2013 1:12:03 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17RP853: 9/29/2013 2:38:25 PM - System CheckpointRP854: 10/1/2013 11:47:50 AM - System Checkpoint.==== 
Installed Programs ======================.AbiWord 2.6.6Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.8)Adobe Shockwave Player 11.6Advanced Audio FX EngineAdvanced Video FX EngineAnti-phishing Domain AdvisorApple Application SupportApple Software UpdateArcSoft PhotoBaseArcSoft PhotoStudio 2000ArcSoft Software SuiteAvery PLP9100BatteryBar (remove only)Bejeweled 2 Deluxe 1.1Bejeweled Twist 1.0BestPractice (remove only)BIAS SoundSoap SE 2.4Bing Maps 3DBroadcom Management ProgramsCaere Scan Manager 5.1Camera WindowCanon Camera WIA DriverCanon Camera Window for ZoomBrowser EXCanon FV M10, OPTURA20 WIA DriverCanon PhotoRecordCanon ScanGear Toolbox CS 2.2Canon Utilities PhotoStitch 3.1Canon Utilities ZoomBrowser EXCCleaner (remove only)Choice GuardCNET TechTrackerCodec Pack - All In 1 6.0.3.0ComputraceCoupon Printer for WindowsCritical Update for Windows Media Player 11 (KB959772)Crysis®Dawn of War - Dark CrusadeDell Driver Download ManagerDell Support Center (Support Software)Dell System Detect - 1 Dell System RestoreDell Webcam CenterDell Webcam ManagerDell Wireless WLAN CardDeluo GPS DiagnosticsDesignPro 5.4 Limited EditionDocument Express DjVu Plug-inDocumentation & Support LauncherEmoDioEPSON CardMonitorEPSON Copy Utility 3EPSON PhotoStarter3.2EPSON Printer SoftwareEPSON ScanEPSON Smart PanelEPSON SPRX620 Reference GuideEssentialPIMFamily Tree Maker 2009Games, Music, & Photos LauncherGarmin City Navigator North America NT 2010.30Garmin Communicator PluginGarmin MapSourceGarmin USB DriversGarmin WebUpdaterGearDrvsGoogle ChromeGoogle Update HelperGoToAssist 8.0.0.514Halo 2 for Windows VistaHigh Definition Audio Driver Package - KB835221HJ-Split 2.2Home Network ManagerHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for 
Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954708)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Hoyle Puzzle and Board Games ClassicImage Resizer Powertoy for Windows XPImpulseInkscape 0.46Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32Internet Explorer (Enable DEP)Internet Service Offers LauncherIrfanView (remove only)Java Auto UpdaterJava 6 Update 31Java 7 Update 3Junk Mail filter updatejv16 PowerTools 2010K-Lite Codec Pack 3.6.5 FullLaptop Integrated Webcam Driver (1.04.01.1011) Live! Cam Avatar CreatorLive! Cam Avatar v1.0Logitech Gaming LCD Software 1.04Malwarebytes Anti-Malware version 1.75.0.1300MediaDirectMemeo Instant BackupMicrolife BPA 3.1Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Automated Troubleshooting Services ShimMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Calculator PlusMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Fix it CenterMicrosoft Games for Windows - LIVEMicrosoft Games for Windows - LIVE RedistributableMicrosoft IntelliPoint 8.2Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft Location FinderMicrosoft National Language Support Downlevel APIsMicrosoft Office Excel Viewer 2003Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Plus! Digital Media EditionMicrosoft Plus! 
Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft Primary Interoperability Assemblies 2005Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Streets & Trips 2006Microsoft USB Flash Drive ManagerMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WorksMicrosoft WorldWide TelescopeMicrosoft WSE 3.0MSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 Parser (KB933579)MSXML4 ParserMusicmatch for Windows Media PlayerNetwork Stumbler 0.4.0 (remove only)News Rover -- Usenet newsreaderNorton 360 Premier EditionNVIDIA DriversNVIDIA PhysXOeyEncOGA Notifier 2.0.0048.0OmniPage Pro 9.0OpenOffice.org 3.1Origami Craft StudioOutlookAddinSetupOverDrive Media ConsolePhotoStitchPowerChute Business Edition ConsolePradis Do Not RemovePradis: NIV Student Bible Notes, RevisedQualxServ Service AgreementQuickSetQuickTimeRarZilla Free UnrarRave-MPRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealUpgrade 1.1Revo Uninstaller 1.85Rhapsody Player EngineRICOH R5C83x/84x Media Driver x86 Ver.3.34.03Roxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express LabelerRoxio MyDVD DERoxio PhotoShowRoxio Update ManagerRoxio Video Capture USB DriverScanToWebSeagate DashboardSearchAssistSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 
(KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet 
Explorer 7 (KB2482017)Security Update for Windows Internet Explorer 7 (KB2497640)Security Update for Windows Internet Explorer 7 (KB2530548)Security Update for Windows Internet Explorer 7 (KB2544521)Security Update for Windows Internet Explorer 7 (KB2559049)Security Update for Windows Internet Explorer 7 (KB2618444)Security Update for Windows Internet Explorer 7 (KB2647516)Security Update for Windows Internet Explorer 7 (KB2675157)Security Update for Windows Internet Explorer 7 (KB2699988)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2870699)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB2834904-v2)Security Update for Windows Media Player 
(KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP 
(KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security 
Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2849470)Security Update for Windows XP (KB2850869)Security Update for Windows XP (KB2859537)Security Update for Windows XP (KB2864063)Security Update for Windows XP (KB2876217)Security Update for Windows XP (KB2876315)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security 
Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP 
(KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Segoe UISibelius Scorch (ActiveX Only)SmartSound Common DataSmartSound Quicktracks 5SmartSound Sonicfire Pro 5Sonic Activation ModuleSteamSUPERAntiSpywareswMSMSymantec Technical Support Advanced Chat ControlsSymantec Technical Support Web ControlsSySaverSystem Requirements LabTopo USA 4.0Trailer Life Campground Navigator 2007Ultimate Mahjongg 5Unity Web PlayerUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Windows (KB971513)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB2863058)Update for Windows XP (KB951072-v2)Update 
for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB961503)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Verbose UninstallWarhammer 40,000: Dawn Of War - Gold EditionWarhammer 40,000: Space Marine DemoWeatherBugWebFldrs XPWebshots DesktopWebshots Wallpaper & Screensaver version 1.1.0.78WIDCOMM Bluetooth SoftwareWindows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)Windows Driver Package - Prolific (ser2plms) Ports (04/28/2004 2.0.0.18)Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Imaging ComponentWindows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live WriterWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3XPS LightFX SDKyEnc32 (remove only)Zinio Reader 4.==== Event Viewer Messages From Past Week ========.9/27/2013 9:21:28 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). 
This security permission can be modified using the Component Services administrative tool.9/26/2013 2:02:30 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca28cac94c7e3e) service failed to start due to the following error: The system cannot find the path specified.9/26/2013 2:02:30 AM, error: Service Control Manager [7000] - The AQFileRestoreSrv service failed to start due to the following error: The system cannot find the file specified.9/26/2013 2:02:30 AM, error: Service Control Manager [7000] - The AG Core Services service failed to start due to the following error: The system cannot find the file specified.9/26/2013 10:17:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%214794240210/1/2013 2:57:58 PM, error: System Error [1003] - Error code 1000000a, parameter1 01da1000, parameter2 0000001c, parameter3 00000000, parameter4 80616561.10/1/2013 2:46:08 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the rpcapd service..==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0Run by Moses at 15:00:06 on 2013-10-01Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1985 [GMT -5:00].AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 Premier Edition *Enabled* .============== Running Processes ================.C:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exeC:\Program 
Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\wrapper_inst\file_to_run.exeC:\Program Files\WinPcap\rpcapd.exeC:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\WINDOWS\system32\tcpsvcs.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\STacSV.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Dell\QuickSet\Quickset.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exeC:\program files\real\realplayer\update\realsched.exeC:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exeC:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\AWS\WeatherBug\Weather.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Webshots\Wallpaper\WallScreen.exec:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exeC:\Documents and Settings\Moses\Local Settings\Apps\2.0\4OJOA9GX.J51\765CYZQJ.1ZX\dell..tion_0f612f649c4a10af_0005.0002_7f12339d141e75ac\DellSystemDetect.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k 
LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uWindow Title = Microsoft Internet Explorer provided by CenturyLinkuURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\moses\local settings\application data\sysaver\temp.datBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - LocalServer32 - <no file>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\6.4.1.14\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\6.4.1.14\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\6.4.1.14\coieplg.dlluRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [Google Update] "c:\documents and settings\moses\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [DellSystemDetect] c:\documents and settings\moses\start menu\programs\dell\Dell System Detect.appref-msuRun: [showBatteryBar] 
"c:\program files\batterybar\ShowBatteryBar.exe" showuRun: [Microsoft Webupdater] "c:\program files\common files\microsoft webupdater0\lgzovdrbn.exe"mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installquietmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"mRun: [sigmatelSysTrayApp] stsystra.exemRun: [instaLAN] "c:\program files\centurylink\home network manager\HomeNetworkManager.exe" startupmRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exemRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [NVHotkey] rundll32.exe nvHotkey.dll,StartmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Microsoft Webupdater] "c:\program files\common files\microsoft webupdater0\lgzovdrbn.exe"mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"StartupFolder: c:\docume~1\moses\startm~1\programs\startup\webshots wallpaper & screensaver.lnk - c:\program files\webshots\wallpaper\WallScreen.exeStartupFolder: c:\docume~1\moses\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = 
dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
IFEO: hijackthis.exe - k_.exe
IFEO: housecalllauncher.exe - d_.exe
IFEO: rstrui.exe - au_.exe
IFEO: spybotsd.exe - v_.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604010.00e\symds.sys [2013-9-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604010.00e\symefa.sys [2013-9-14 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20130924.001\BHDrvx86.sys [2013-9-23 1097304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys [2013-9-14 132768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys [2013-9-14 149624]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-2-23 32512]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2013-9-21 45288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-13 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20130928.002\IDSXpx86.sys [2013-9-30 380832]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\virusdefs\20131001.004\NAVENG.SYS [2013-10-1 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\virusdefs\20131001.004\NAVEX15.SYS [2013-10-1 1612376]
R3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [2007-12-21 117888]
S0 mweetla;mweetla;c:\windows\system32\drivers\kxhtd.sys --> c:\windows\system32\drivers\kxhtd.sys [?]
S2 AGCoreService;AG Core Services;"c:\program files\agi\core\4.2.0.10754\agcoreservice.exe" --> c:\program files\agi\core\4.2.0.10754\AGCoreService.exe [?]
S2 AQFileRestoreSrv;AQFileRestoreSrv;"c:\program files\avanquest\systemsuite\aqfilerestoresrv.exe" --> c:\program files\avanquest\systemsuite\AQFileRestoreSrv.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca28cac94c7e3e;Google Update Service (gupdate1ca28cac94c7e3e);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [2008-1-6 21016]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-1 22856]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 TFilter;TFilter;\??\c:\progra~1\avanquest\systemsuite\tfilter.sys --> c:\progra~1\avanquest\systemsuite\TFilter.sys [?]
.
=============== File Associations ===============
.
ShellExec: oeyenc.eml.exe: open=c:\program files\jboschen\oeyenc\OeyEnc.exe /eml:%L
ShellExec: oeyenc.nws.exe: open=c:\program files\jboschen\oeyenc\OeyEnc.exe /nws:%L
.
=============== Created Last 30 ================
.
2074-05-07 23:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2013-09-22 04:08:09 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2013-09-22 04:07:43 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-09-22 04:07:12 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2013-09-22 04:07:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-09-22 04:06:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
2013-09-18 05:15:57 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\moses\local settings\application data\MFAData
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\moses\local settings\application data\Avg2014
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-09-18 05:09:07 5402832 ----a-w- c:\documents and settings\all users\application data\pclunst.exe
2013-09-18 05:09:06 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2013-09-18 04:29:11 -------- d-----w- c:\documents and settings\moses\application data\QuickScan
2013-09-17 21:17:32 -------- d-sh--w- c:\program files\common files\Microsoft Webupdater0
2013-09-17 03:43:43 -------- d-----w- c:\documents and settings\moses\application data\Izuty
2013-09-17 03:43:43 -------- d-----w- c:\documents and settings\moses\application data\Iqelcy
2013-09-17 03:43:02 -------- d-----w- c:\documents and settings\moses\application data\tor
2013-09-17 03:42:59 -------- d-----w- c:\documents and settings\moses\application data\Xiwie
2013-09-17 03:42:59 -------- d-----w- c:\documents and settings\moses\application data\Aryf
2013-09-15 19:46:33 736129 ----a-w- c:\program files\microsoft games\spidersolitaire\SpiderSolitaire.exe
2013-09-15 19:46:20 766832 ----a-w- c:\program files\microsoft games\solitaire\Solitaire.exe
2013-09-15 19:46:10 705422 ----a-w- c:\program files\microsoft games\shanghai\Shanghai.exe
2013-09-15 19:46:00 960385 ----a-w- c:\program files\microsoft games\purble place\PurblePlace.exe
2013-09-15 19:45:43 997774 ----a-w- c:\program files\microsoft games\minesweeper\Minesweeper.exe
2013-09-15 19:45:18 731009 ----a-w- c:\program files\microsoft games\hearts\Hearts.exe
2013-09-15 19:44:51 -------- d-----w- c:\documents and settings\moses\local settings\application data\Microsoft Games
2013-09-15 19:44:50 732160 ----a-w- c:\program files\microsoft games\freecell\Freecell.exe
2013-09-15 19:42:57 61440 ----a-w- c:\windows\system32\Vista.Emulation.dll
2013-09-15 19:42:38 -------- d-----w- c:\program files\Vista Games
2013-09-15 18:18:33 -------- d-----w- c:\documents and settings\moses\local settings\application data\SySaver
2013-09-14 19:26:53 924320 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\symefa.sys
2013-09-14 19:26:53 388216 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symtdi.sys
2013-09-14 19:26:53 345208 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symtdiv.sys
2013-09-14 19:26:53 340088 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symds.sys
2013-09-14 19:26:53 32928 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\srtspx.sys
2013-09-14 19:26:53 318584 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symnets.sys
2013-09-14 19:26:52 574112 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\srtsp.sys
2013-09-14 19:26:52 149624 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys
2013-09-14 19:26:52 132768 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys
2013-09-14 19:26:37 8942 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\symvtcer.dat
2013-09-14 19:26:37 -------- d-----w- c:\windows\system32\drivers\n360\0604010.00E
2013-09-14 16:19:25 -------- d-----w- c:\windows\system32\MRT
2013-09-14 05:12:40 712264 ----a-w- c:\windows\is-JEM1A.exe
2013-09-14 04:04:45 -------- d-----w- c:\documents and settings\all users\application data\Kristanix Games
2013-09-14 03:38:50 -------- d-----w- c:\program files\Softgame Company
2013-09-14 03:29:35 -------- d-----w- c:\windows\Application Data
2013-09-14 01:13:47 -------- d-----w- c:\program files\wrapper_inst
2013-09-14 00:14:55 -------- d-----w- C:\5e6da590d1206310ac5c8b68b22f43
2013-09-14 00:07:29 -------- d-----w- c:\windows\system32\drivers\N360
2013-09-14 00:07:21 -------- d-----w- c:\program files\Norton 360 Premier Edition
2013-09-13 22:27:04 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-09-13 22:27:04 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-09-13 21:24:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-09-12 19:40:46 453152 ----a-w- c:\windows\system32\nvudisp.exe
2013-09-12 19:21:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-12 19:21:37 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-12 19:04:56 -------- d-----w- c:\windows\NV59845980.TMP
2013-09-12 18:56:12 -------- d-----w- c:\windows\nview
2013-09-12 18:56:11 -------- d-----w- c:\windows\NV27966000.TMP
2013-09-12 18:55:28 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-09-12 18:30:41 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-09-12 18:30:41 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-09-12 18:30:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-09-12 18:29:58 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-09-12 18:29:58 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 18:29:58 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 18:29:58 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 18:29:58 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-09-12 18:29:57 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 18:15:46 -------- d-----w- c:\program files\NVIDIA Corporation
2013-09-04 17:47:08 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-09-04 17:44:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-09-03 13:53:52 187248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-09-14 00:09:33 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2013-09-14 00:09:33 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:05:14.64 ===============
MrCharlie Posted October 1, 2013 ID:736585

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
ibeenthere Posted October 1, 2013 Author ID:736604

RogueKiller V8.7.0 [sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Moses [Admin rights]
Mode : Scan -- Date : 10/01/2013 15:55:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[iFEO] HKLM\[...]\hijackthis.exe : Debugger (k_.exe [x]) -> FOUND
[iFEO] HKLM\[...]\housecalllauncher.exe : Debugger (d_.exe [x]) -> FOUND
[iFEO] HKLM\[...]\rstrui.exe : Debugger (au_.exe [x]) -> FOUND
[iFEO] HKLM\[...]\spybotsd.exe : Debugger (v_.exe [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x87A86F70)
[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x87B44C60)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x87B1B910)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x87B16F70)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x87B578D0)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x87A86D98)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x87B16E20)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x87A94580)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x87A86A80)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x87B239A0)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x87AF5DA0)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x87A86E40)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x87A86ED8)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x87BFFC90)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x87AF5CE8)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x87A86D00)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x87A944F8)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x87B1B998)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x87A86BD0)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x87B23A28)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x87B16EC8)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x87B44CF8)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x87B446A0)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x87B44738)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x87A86B18)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x87A86C68)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x87B44D90)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x87AF6670)
[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x87B44608)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x87AF5C50)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x87B1B848)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87A9B218)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AF0E130)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A5789D8)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87ABE3C8)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87A966B0)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x87A87730)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x87B16998)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87AC0B70)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87B62340)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87432390)
[inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x28C8C016)
[inline] EAT @explorer.exe (_environ) : MSVCR90.dll -> HOOKED (Unknown @ 0x785CA522)
[inline] EAT @explorer.exe (_environ) : MSVCR80.dll -> HOOKED (Unknown @ 0x02173216)
[inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0xEC172D35)
[inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[inline] EAT @explorer.exe (?s_pszStartingCharsLCase@CReservedWordTable@@0PBGB) : fastprox.dll -> HOOKED (Unknown @ 0x05E54A6B)
[inline] EAT @explorer.exe (_environ) : MSVCR100_CLR0400.dll -> HOOKED (Unknown @ 0x08667746)
[inline] EAT @explorer.exe (?_M_truename@?$numpunct@D@_STL@@1V?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@2@A) : stlport_vc7145.dll -> HOOKED (Unknown @ 0x4A553666)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9200420ASG +++++
--- User ---
[MBR] c2427c7aefee7f479b39d16257337868
[bSP] dfe4c0bfa859120fb83a6a1aa43abcee : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 184967 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 378973350 | Size: 2557 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 384210540 | Size: 3176 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10012013_155516.txt >>
MrCharlie Posted October 1, 2013 ID:736634

Please uninstall SySaver from your add/remove programs.
http://www.systemlookup.com/CLSID/77542-temp_dat.html

Then......

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.
Just run fixdamage.exe.
Verify that they are now functioning normally.

MrC
ibeenthere Posted October 3, 2013 Author ID:737146

The first time I ran MBAR there were the original 4 hijack files and another one. The second time I ran it there were the 4 hijack files again. Should I run MBAR again?
MrCharlie Posted October 3, 2013 ID:737149

Please post the logs so I can see what's on the system.

MrC
ibeenthere Posted October 3, 2013 Author ID:737151

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.07.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moses :: SHUTTLE [administrator]

10/2/2013 7:37:27 PM
mbar-log-2013-10-02 (19-37-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 256728
Time elapsed: 42 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 1839525888

Downloaded database version: v2013.10.02.01
Downloaded database version: v2013.09.30.01
Initializing...
======================
------------ Kernel report ------------
10/01/2013 21:11:01
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aeb8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8af65030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aeba908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af65030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 160650 Numsec = 378812700 Partition file system is NTFS Partition is bootable Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 378973350 Numsec = 5237190 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. Partition starts at LBA: 384210540 Numsec = 6506325 Disk Size: 200049647616 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...Done!Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_31 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 3219116032, free: 1647173632 Downloaded database version: v2013.10.02.01Downloaded database version: v2013.09.30.01Initializing...=======================================------------ Kernel report ------------ 10/01/2013 22:48:58------------ Loaded modules 
-----------
----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a9c0ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xffffffff8af66030Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a9c0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8af578f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a9c0ab8, DeviceName: 
\Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8af66030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRead File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 41AB2316 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 160587 Partition 1 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 160650 Numsec = 378812700 Partition file system is NTFS Partition is bootable Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 378973350 Numsec = 5237190 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. Partition starts at LBA: 384210540 Numsec = 6506325 Disk Size: 200049647616 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...Done!Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]Scan InterruptedScan was aborted.---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_31 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 3219116032, free: 2126794752 Initializing...======================------------ Kernel report ------------ 10/02/2013 17:01:34------------ Loaded modules 
-----------
----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8aebd030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xffffffff8af50030Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8af6c8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8af50030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRead File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File 
"C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 41AB2316 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 160587 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 160650 Numsec = 378812700 Partition file system is NTFS Partition is bootable Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 378973350 Numsec = 5237190 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. 
Partition starts at LBA: 384210540 Numsec = 6506325 Disk Size: 200049647616 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...Done!Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_31 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 3219116032, free: 2232762368 Initializing...======================------------ Kernel report ------------ 10/02/2013 17:41:55------------ Loaded modules -----------
----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8afd25a8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 
0xffffffff8af4f030Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8aeb3908, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8af4f030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRead File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)Done!Drive 0Scanning 
MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 41AB2316 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 160587 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 160650 Numsec = 378812700 Partition file system is NTFS Partition is bootable Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 378973350 Numsec = 5237190 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. Partition starts at LBA: 384210540 Numsec = 6506325 Disk Size: 200049647616 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...Done!Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. 
System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2608160768
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2236424192
=======================================

Initializing...
------------ Kernel report ------------
10/02/2013 18:43:29
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af61030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a9c1030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8afb8198, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a9c1030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 160650 Numsec = 378812700
Partition file system is NTFS
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 378973350 Numsec = 5237190

Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 384210540 Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful.
System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3219116032, free: 2653536256
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3219116032, free: 2185707520
Host not found
=======================================

Initializing...
------------ Kernel report ------------
10/02/2013 19:37:04
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af63030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a9c0030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af6b908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a9c0030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 160650 Numsec = 378812700
Partition file system is NTFS
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 378973350 Numsec = 5237190

Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 384210540 Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2610515968
=======================================
MrCharlie Posted October 3, 2013 ID:737153

Don't worry about those for now.

Run ComboFix:

Please download and run ComboFix. The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
ibeenthere Posted October 3, 2013 Author ID:737418

I ran ComboFix, got the Microsoft program and it installed it, then this window came up and it went no further, and it has been over an hour. It did say earlier that c:\\windows\system 32\nview.dll was trying to keep ComboFix from running.
MrCharlie Posted October 3, 2013 ID:737491

OK... delete your copy of ComboFix and download a fresh one to your desktop. Now reboot into safe mode and see if it runs now.

MrC
ibeenthere Posted October 4, 2013 Author ID:737531

I ran ComboFix and it went all the way through and restarted to my normal desktop with the blue box telling me it was preparing a log, and after that there is still no log. I really appreciate you taking your time to assist me. Maybe I have been doing something wrong or just a bad infection?

There was a balloon popup in the lower right corner of my tool bar saying "pev,3xe-corrupt file" and "c:\\windows\prefetch\ CCSVCHST.EXE-2237-2237FED6.PF Corrupt and unreadable Run chkdsk utility"

Thank you,
Roger
MrCharlie Posted October 4, 2013 ID:737532

OK, let's do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system.) (32bit version)
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC
ibeenthere Posted October 4, 2013 Author ID:737537

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Moses (administrator) on SHUTTLE on 03-10-2013 19:18:23
Running from C:\Documents and Settings\Moses\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} http://fdl.msn.com/public/investor/v13/ticker.cabHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR Extension: (Google Docs) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1CHR Extension: (The Simple Life) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User 
Data\Default\Extensions\jjbgfbonmdidcihleedajlcaidfhffac\1_0CHR Extension: (Norton Identity Protection) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.18.4_1CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1CHR Extension: (Gmail) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crxCHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\Exts\Chrome.crxCHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)R2 AffinegyService; C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe [390464 2009-10-05] (Affinegy, Inc.)R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.)R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-13] ()R2 
SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2007-07-17] (SigmaTel, Inc.)S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)S2 AGCoreService; "C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe" [x]S2 AQFileRestoreSrv; "C:\Program Files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" [x]S2 gupdate1ca28cac94c7e3e; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"S2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]S2 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] ==================== Drivers (Whitelisted) ==================== S3 AFGSp50; C:\Windows\System32\Drivers\AFGSp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. 
(PCAUSA))R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-17] (Broadcom Corporation)R2 BASFND; C:\Program Files\Broadcom\BACS\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-23] (Symantec Corporation)R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [328237 2006-05-24] (Broadcom Corporation.)S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30427 2006-05-24] (Broadcom Corporation.)R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [851434 2006-05-24] (Broadcom Corporation.)R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-24] (Broadcom Corporation.)S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148900 2006-05-24] (Broadcom Corporation.)S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [45683 2006-05-24] (Broadcom Corporation.)S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [30285 2006-05-24] (Broadcom Corporation.)R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66488 2006-05-24] (Broadcom Corporation.)R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2009-10-20] (Sonic Solutions)R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2009-10-20] (Sonic Solutions)R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-24] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-13] (Symantec Corporation)S2 HidCom; C:\Windows\System32\DRIVERS\HidCom.sys [21016 2004-08-10] (Cypress Semiconductor)R3 IDSxpx86; 
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSxpx86.sys [380832 2013-09-13] (Symantec Corporation)S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36736 2006-03-28] (Logitech, Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15104 2004-07-09] (Microsoft Corporation)S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVENG.SYS [93272 2013-09-24] (Symantec Corporation)R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVEX15.SYS [1612376 2013-09-24] (Symantec Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. 
(PCAUSA))R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-06-07] (Creative Technology Ltd.)S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-10] (Ralink Technology Inc.)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2004-07-22] (Prolific Technology Inc.)R1 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-07-17] (SigmaTel, Inc.)R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [141944 2013-09-13] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)R1 SYMTDI; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDI.SYS [388216 2011-11-16] (Symantec Corporation)S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]S3 AQFileRestore; system32\DRIVERS\AQFileRestore.sys [x]S3 catchme; \??\C:\DOCUME~1\Moses\LOCALS~1\Temp\catchme.sys [x]S3 LMouKE; system32\DRIVERS\LMouKE.Sys [x]S0 mweetla; System32\drivers\kxhtd.sys [x]S3 neokdss; system32\Drivers\neokdss.sys [x]S3 rt2870; system32\DRIVERS\rt2870.sys [x]S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]U5 
ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)S3 TFilter; \??\C:\PROGRA~1\Avanquest\SystemSuite\TFilter.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\FRST2013-10-03 17:15 - 2013-10-03 18:46 - 00000000 __SHD C:\Program Files\Common Files\Windows Update Service02013-10-03 17:02 - 2013-10-03 17:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG2013-10-03 16:44 - 2013-10-03 17:16 - 00000000 ____D C:\ComboFix2013-10-03 16:23 - 2013-10-03 16:24 - 05130107 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\ComboFix.exe2013-10-03 15:27 - 2013-10-03 15:27 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MAYO.wps2013-10-03 12:33 - 2013-10-03 12:33 - 00000000 _RSHD C:\cmdcons2013-10-03 12:33 - 2012-02-19 23:11 - 00000211 _____ C:\Boot.bak2013-10-03 12:33 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2013-10-03 12:25 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe2013-10-03 12:25 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe2013-10-03 12:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00080412 
_____ C:\WINDOWS\grep.exe2013-10-03 12:25 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe2013-10-02 22:15 - 2013-10-03 17:04 - 00000000 ____D C:\Qoobox2013-10-02 22:13 - 2013-10-03 17:02 - 00000000 ____D C:\WINDOWS\erdnt2013-10-02 17:24 - 2013-10-02 17:24 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-02.dmp2013-10-02 11:22 - 2013-10-02 11:22 - 00012800 _____ C:\Documents and Settings\Moses\Desktop\Chicken-n-Slicks.wps2013-10-02 00:11 - 2013-10-02 00:11 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp2013-10-01 22:26 - 2013-10-01 22:26 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-02.dmp2013-10-01 21:04 - 2013-10-02 20:33 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\mbar2013-10-01 21:01 - 2013-10-01 21:03 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Moses\Desktop\mbar-1.07.0.1005.exe2013-10-01 15:55 - 2013-10-01 15:55 - 00006600 _____ C:\Documents and Settings\Moses\Desktop\RKreport[0]_S_10012013_155516.txt2013-10-01 15:50 - 2013-10-01 15:55 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RK_Quarantine2013-10-01 15:50 - 2013-10-01 15:50 - 00948736 _____ C:\Documents and Settings\Moses\Desktop\RogueKiller.exe2013-10-01 15:05 - 2013-10-01 15:12 - 00023133 _____ C:\Documents and Settings\Moses\Desktop\dds.txt2013-10-01 15:05 - 2013-10-01 15:11 - 00025728 _____ C:\Documents and Settings\Moses\Desktop\attach.txt2013-10-01 14:51 - 2013-10-01 14:51 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp2013-10-01 14:41 - 2013-10-01 14:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\dds.com2013-09-29 11:45 - 2013-09-29 11:45 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MALWARE.wps2013-09-28 19:07 - 2013-09-28 19:07 - 00010240 _____ C:\Documents and Settings\Moses\Desktop\Christmas.wps2013-09-28 01:12 - 2013-09-28 14:28 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Webshots2013-09-28 01:11 - 2013-09-28 01:11 - 00000000 ____D C:\Documents and Settings\Moses\My 
Documents\WebShots Playlist2013-09-28 01:10 - 2013-09-28 01:22 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest (1).exe2013-09-28 00:56 - 2013-09-28 01:07 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest.exe2013-09-24 19:42 - 2013-09-25 00:41 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Smoothie and Juice2013-09-23 15:27 - 2013-09-23 15:27 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Chili 'Pie'.wps2013-09-21 23:08 - 2013-09-22 02:20 - 00000290 _____ C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse2013-09-21 23:08 - 2011-08-01 15:56 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys2013-09-21 23:07 - 2013-09-21 23:07 - 00004259 _____ C:\WINDOWS\Wdf01009Inst.log2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf2013-09-21 23:07 - 2011-08-01 15:56 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll2013-09-21 23:07 - 2011-08-01 15:56 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys2013-09-21 23:07 - 2008-11-07 18:55 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll2013-09-21 23:06 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint2013-09-19 01:15 - 2013-09-19 01:15 - 00019456 _____ C:\Documents and Settings\Moses\Desktop\Slow Cooker Beef Bourguignon.wps2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents 
and Settings\Moses\Local Settings\Application Data\MFAData2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Avg20142013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData2013-09-18 00:09 - 2013-09-18 00:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data2013-09-18 00:09 - 2013-09-18 00:08 - 05402832 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe2013-09-17 23:29 - 2013-09-17 23:29 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\QuickScan2013-09-17 23:24 - 2013-09-17 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee2013-09-17 16:17 - 2013-10-03 17:15 - 00000000 __SHD C:\Program Files\Common Files\Microsoft Webupdater02013-09-16 22:43 - 2013-09-18 01:03 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\tor2013-09-16 22:42 - 2013-09-18 01:20 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Aryf2013-09-16 22:42 - 2013-09-17 23:00 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Xiwie2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Vista Games2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Microsoft Games2013-09-15 14:44 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Microsoft Games2013-09-15 14:42 - 2013-09-15 14:42 - 00000000 ____D C:\Program Files\Vista Games2013-09-15 14:42 - 2007-05-17 07:55 - 00061440 _____ (Rafael & ZoRoNaX) C:\WINDOWS\system32\Vista.Emulation.dll2013-09-15 13:18 - 2013-10-01 20:39 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\SySaver2013-09-15 01:45 - 2013-09-15 01:45 - 04663296 _____ C:\Documents and Settings\Moses\My Documents\Little Go Bipe.wps2013-09-14 17:30 - 
2013-09-14 17:30 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Dell DVD DRIVE.wps2013-09-14 12:43 - 2013-09-14 12:43 - 00139192 _____ C:\WINDOWS\KB2870699-IE8.log2013-09-14 12:38 - 2013-09-14 12:38 - 00132666 _____ C:\WINDOWS\KB2834886.log2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$2013-09-14 12:28 - 2013-09-14 12:28 - 00129216 _____ C:\WINDOWS\KB2834904-v2.log2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$2013-09-14 12:20 - 2013-09-14 12:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$2013-09-14 12:13 - 2013-09-14 12:13 - 00131753 _____ C:\WINDOWS\KB2753842-v2.log2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$2013-09-14 12:02 - 2013-09-14 12:02 - 00130837 _____ C:\WINDOWS\KB2807986.log2013-09-14 12:02 - 2013-09-14 12:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$2013-09-14 12:01 - 2013-09-14 12:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$2013-09-14 12:00 - 2013-09-14 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$2013-09-14 11:59 - 2013-09-14 11:59 - 00130600 _____ C:\WINDOWS\KB2820197.log2013-09-14 11:59 - 2013-09-14 11:59 - 00000000 
__HDC C:\WINDOWS\$NtUninstallKB2820197$2013-09-14 11:58 - 2013-09-14 11:58 - 00127218 _____ C:\WINDOWS\KB2863058.log2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$2013-09-14 11:56 - 2013-09-14 11:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$2013-09-14 11:44 - 2013-09-14 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$2013-09-14 11:43 - 2013-09-14 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$2013-09-14 11:19 - 2013-09-14 11:29 - 00000000 ____D C:\WINDOWS\system32\MRT2013-09-14 11:10 - 2013-09-14 11:10 - 00013312 _____ C:\Documents and Settings\Moses\Desktop\BofA 09-16-12.wps2013-09-14 00:12 - 2013-09-14 00:12 - 00712264 _____ C:\WINDOWS\is-JEM1A.exe2013-09-14 00:12 - 2013-09-14 00:12 - 00011277 _____ C:\WINDOWS\is-JEM1A.msg2013-09-14 00:12 - 2013-09-14 00:12 - 00000418 _____ C:\WINDOWS\is-JEM1A.lst2013-09-13 23:04 - 2013-09-13 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kristanix Games2013-09-13 22:52 - 2013-09-13 22:52 - 00001168 _____ C:\WINDOWS\msvxdll.ini2013-09-13 22:38 - 2013-09-13 22:38 - 00000000 ____D C:\Program Files\Softgame Company2013-09-13 20:14 - 2013-10-02 22:17 - 00000368 _____ C:\WINDOWS\Tasks\At1.job2013-09-13 20:14 - 2013-10-02 22:17 - 00000298 _____ C:\WINDOWS\Tasks\pcreg.job2013-09-13 20:13 - 2013-09-26 15:27 - 00000000 ____D C:\Program Files\wrapper_inst2013-09-13 19:14 - 2013-09-13 19:14 - 00000000 ____D C:\5e6da590d1206310ac5c8b68b22f432013-09-13 19:09 - 2013-09-15 11:35 - 00002004 _____ C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK2013-09-13 19:07 - 2013-09-15 11:37 - 00000000 ____D C:\WINDOWS\system32\Drivers\N3602013-09-13 19:07 - 2013-09-15 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier 
Edition2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Program Files\Norton 360 Premier Edition2013-09-13 18:53 - 2013-09-13 19:06 - 00000779 _____ C:\Documents and Settings\Moses\Desktop\Norton Installation Files.lnk2013-09-13 17:41 - 2013-09-14 12:39 - 00146067 _____ C:\WINDOWS\KB2758857.log2013-09-13 17:36 - 2013-09-14 12:28 - 00144768 _____ C:\WINDOWS\KB2802968.log2013-09-13 17:34 - 2013-09-14 12:27 - 00144909 _____ C:\WINDOWS\KB2780091.log2013-09-13 17:34 - 2013-09-14 12:27 - 00142115 _____ C:\WINDOWS\KB2845187.log2013-09-13 17:34 - 2013-09-14 12:25 - 00143548 _____ C:\WINDOWS\KB2876315.log2013-09-13 17:34 - 2013-09-14 12:25 - 00142066 _____ C:\WINDOWS\KB2876217.log2013-09-13 17:30 - 2013-09-14 12:21 - 00141543 _____ C:\WINDOWS\KB2864063.log2013-09-13 17:29 - 2013-09-14 12:13 - 00141584 _____ C:\WINDOWS\KB2850869.log2013-09-13 17:27 - 2013-09-14 12:03 - 00142715 _____ C:\WINDOWS\KB2859537.log2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys2013-09-13 17:26 - 2013-09-14 12:01 - 00142899 _____ C:\WINDOWS\KB2820917.log2013-09-13 17:26 - 2013-09-14 12:00 - 00142080 _____ C:\WINDOWS\KB2757638.log2013-09-13 17:26 - 2013-09-14 11:59 - 00142372 _____ C:\WINDOWS\KB2749655.log2013-09-13 17:25 - 2013-09-14 11:56 - 00140492 _____ C:\WINDOWS\KB2727528.log2013-09-13 17:24 - 2013-09-14 11:44 - 00141302 _____ C:\WINDOWS\KB2661254-v2.log2013-09-13 17:23 - 2013-09-14 11:43 - 00143370 _____ C:\WINDOWS\KB2813345.log2013-09-13 16:23 - 2013-09-13 16:24 - 00000000 ____D C:\Program Files\QuickTime2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer2013-09-13 15:39 - 2013-09-25 00:59 - 00000000 ____D 
C:\Documents and Settings\Moses\Desktop\RECIPIES2013-09-12 14:40 - 2013-10-03 18:45 - 00185449 _____ C:\WINDOWS\system32\nvapps.xml2013-09-12 14:40 - 2008-10-23 02:09 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvudisp.exe2013-09-12 14:12 - 2013-09-20 09:24 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Dell2013-09-12 14:04 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV59845980.TMP2013-09-12 13:56 - 2013-09-12 14:45 - 00000000 ____D C:\WINDOWS\nview2013-09-12 13:56 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV27966000.TMP2013-09-12 13:56 - 2008-10-23 02:09 - 00018477 _____ C:\WINDOWS\system32\nvdisp.nvu2013-09-12 13:55 - 2008-10-20 23:16 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE2013-09-12 13:33 - 2013-01-31 06:22 - 00015449 _____ C:\WINDOWS\system32\nvinfo.pb2013-09-12 13:30 - 2013-09-12 13:34 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin2013-09-12 13:30 - 2013-09-12 13:34 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin2013-09-12 13:30 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin2013-09-12 13:30 - 2013-09-12 13:30 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk2013-09-12 13:29 - 2013-01-31 06:22 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll2013-09-12 13:29 - 2013-01-31 06:22 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll2013-09-12 13:29 - 2013-01-31 06:22 - 02816504 _____ C:\WINDOWS\system32\nvdata.data2013-09-12 13:29 - 2013-01-31 06:22 - 02581792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll2013-09-12 13:29 - 2013-01-31 06:22 - 01869088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll2013-09-12 13:29 - 2013-01-31 06:22 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll2013-09-12 13:29 - 2013-01-31 06:22 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll2013-09-12 13:15 - 2013-09-12 14:12 - 00000000 ____D C:\Program Files\NVIDIA 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
MrCharlie Posted October 4, 2013 ID:737544

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic
Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Advanced settings and select the following:
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC
ibeenthere Posted October 4, 2013 Author ID:737562

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Moses at 2013-10-03 20:49:22 Run:1
Running from C:\FRST\Logs
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe
IMEO\housecalllauncher.exe: [Debugger] pghyfxdb_.exe
IMEO\rstrui.exe: [Debugger] j_.exe
IMEO\spybotsd.exe: [Debugger] sttezftc_.exe
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.

==== End of Fixlog ====
ibeenthere Posted October 4, 2013 Author ID:737748

I ran ESET, which took a very long time, and it said there were 27 items found and removed. However, there is no log.txt to be found in the ESET file mentioned.
MrCharlie Posted October 4, 2013 ID:737750

Try running ComboFix now:

Try it like this......

Delete your copy of ComboFix.
Grab a fresh copy and save it to your Desktop, but do not run it yet.
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC
ibeenthere Posted October 4, 2013 Author ID:737775

ComboFix 13-10-04.02 - Moses 10/04/2013 11:28:08.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2570 [GMT -5:00]
Running from: c:\documents and settings\Moses\desktop\combofix.exe
Command switches used :: /nombr
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll2013-08-08 06:05 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-08-08 06:05 . 2004-08-11 23:00 18944 ----a-w- c:\windows\system32\corpol.dll2013-08-08 01:27 . 2004-08-11 23:00 1877760 ------w- c:\windows\system32\win32k.sys2013-08-08 00:02 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec2013-08-05 13:30 . 2004-08-11 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll2013-08-03 19:18 . 2006-10-19 02:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll2013-07-10 10:37 . 2004-08-11 23:00 406016 ----a-w- c:\windows\system32\usp10.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808].[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}][HKEY_CLASSES_ROOT\agihelper.AGUtils].[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 90624].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-18 851968]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13549568]"nwiz"="nwiz.exe" [2008-10-23 1630208]"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]"SigmatelSysTrayApp"="stsystra.exe" [2007-07-17 405504]"InstaLAN"="c:\program files\CenturyLink\Home Network 
Manager\HomeNetworkManager.exe" [2009-10-05 1144128]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-17 296056]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"NVHotkey"="nvHotkey.dll" [2008-10-23 90112]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]2010-01-19 21:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"="c:\\WINDOWS\\system32\\ftp.exe"="c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\WINDOWS\\system32\\muzapp.exe"="c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"="c:\\Program Files\\Steam\\Steam.exe"="c:\\Program Files\\Steam\\steamapps\\common\\warhammer 40,000 space marine demo\\spacemarine.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [9/14/2013 2:26 PM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [9/14/2013 2:26 PM 924320]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [9/21/2013 11:07 PM 45288]S0 mweetla;mweetla;c:\windows\system32\drivers\kxhtd.sys --> c:\windows\system32\drivers\kxhtd.sys [?]S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [9/23/2013 11:37 PM 1097304]S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [9/14/2013 2:26 PM 132768]S1 
SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [9/14/2013 2:26 PM 149624]S2 AGCoreService;AG Core Services;"c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe" --> c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [?]S2 AQFileRestoreSrv;AQFileRestoreSrv;"c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" --> c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [?]S2 gupdate1ca28cac94c7e3e;Google Update Service (gupdate1ca28cac94c7e3e);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [1/6/2008 8:11 PM 21016]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/14/2013 12:12 AM 418376]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/1/2012 4:52 PM 701512]S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [9/14/2013 2:26 PM 138272]S2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [9/13/2013 8:13 PM 31344]S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]S3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys --> c:\windows\system32\DRIVERS\AQFileRestore.sys [?]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2013 9:07 PM 108120]S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSXpx86.sys [10/3/2013 5:36 PM 380832]S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/1/2012 4:51 PM 22856]S3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [12/21/2007 5:25 AM 117888]S3 TFilter;TFilter;\??\c:\progra~1\Avanquest\SystemSuite\TFilter.sys --> c:\progra~1\Avanquest\SystemSuite\TFilter.sys [?].Contents of the 'Scheduled Tasks' folder.2013-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-10-04 c:\windows\Tasks\ConfigExec.job- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09].2013-10-04 c:\windows\Tasks\DataUpload.job- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09].2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005Core.job- c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47].2013-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005UA.job- c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47].2013-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 20:56].2013-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-110049081-3069564722-2619245935-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21].2013-09-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-110049081-3069564722-2619245935-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21].2013-10-04 c:\windows\Tasks\ReclaimerUpdateFiles_Moses.job- c:\documents and settings\Moses\Application 
Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53].2013-10-04 c:\windows\Tasks\ReclaimerUpdateXML_Moses.job- c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53].2013-10-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Moses.job- c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53].2013-10-04 c:\windows\Tasks\User_Feed_Synchronization-{DB70761C-307A-4237-8C57-61685BA35B49}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-SITEguard - (no file)WebBrowser-{84A6AEA7-C34B-4246-9A00-05AD7A36BF00} - (no file)HKCU-Run-Windows Update Service - c:\program files\Common Files\Windows Update Service0\wfwhhydlr.exeAddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files\AGI\core\4.2.0.10754\InstallerGUI.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-10-04 11:41Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... 
.scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:97,21,e3,41,95,5a,56,1e,b4,71,58,2a,c4,8a,f1,5e,d5,08,2f,7c,6c,44,d8, 2a,cd,65,75,f6,bd,c9,18,ee,6a,2b,a1,58,c1,70,98,b4,b7,c9,d4,33,1f,12,ff,c1,\"??"=hex:a8,0a,85,e3,4a,c1,ca,14,f4,4b,cf,5c,5b,9e,80,82.[HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\License information*]"datasecu"=hex:6e,d3,5f,06,03,7a,fb,d8,87,52,47,f6,1f,0c,13,08,38,e5,05,4b,8c, f6,e7,18,32,6c,b7,0f,84,27,e4,55,3f,c1,69,0e,d4,f2,bd,de,d5,42,d2,02,67,6b,\"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@DACL=(02 0010)@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@DACL=(02 
0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(308)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-10-04 11:43:48
ComboFix-quarantined-files.txt 2013-10-04 16:43
.
Pre-Run: 91,203,444,736 bytes free
Post-Run: 91,171,299,328 bytes free
.
- - End Of File - - 8D2A620FA4BD24573F5EAA76D94E10CA5CB90281D1A59B251F6603134774EEC3
MrCharlie Posted October 4, 2013 ID:737779

Delete these folders if found:
You may have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

c:\documents and settings\Moses\Application Data\Iqelcy
c:\documents and settings\Moses\Application Data\Izuty
c:\documents and settings\Moses\Local Settings\Application Data\SySaver

-------------------------------------------------------
Then.........

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
ibeenthere Posted October 4, 2013 Author ID:737804

Adwcleaner came out clear and the log is as follows.

# AdwCleaner v3.006 - Report created 04/10/2013 at 12:51:13
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Moses - SHUTTLE
# Running from : C:\Documents and Settings\Moses\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Application Data\AGI
Folder Found C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
Folder Found C:\Documents and Settings\Moses\Application Data\AGI
Folder Found C:\Documents and Settings\Moses\Application Data\DriverCure
Folder Found C:\Documents and Settings\Moses\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Moses\Application Data\Uniblue\SpeedUpMyPC
Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Babylon
Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Conduit
Folder Found C:\Program Files\AGI

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Uniblue\SpeedUpMyPC
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AGI
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\Software\ParetoLogic
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4198 octets] - [04/10/2013 12:51:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4258 octets] ##########
MrCharlie Posted October 4, 2013 ID:737809

Did you have AdwCleaner "Clean" all of that? MrC
ibeenthere Posted October 4, 2013 Author ID:737835

Adwcleaner cleaned it all.
MrCharlie Posted October 4, 2013 ID:737844

OK, did you run Malwarebytes? Is there a log and how's the computer?? MrC
ibeenthere Posted October 4, 2013 Author ID:737848

Malware showed only one problem Rookit.Agent.WU and here is the log. Computer seems to be running fairly well.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moses :: SHUTTLE [administrator]

Protection: Enabled

9/26/2013 10:55:48 AM
mbam-log-2013-09-26 (10-55-48).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396898
Time elapsed: 4 hour(s), 11 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pcreg (PUP.Optional.Chatzum) -> Data: C:\Program Files\wrapper_inst\service.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Moses\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files\WRAPPER_INST\service.exe (PUP.Optional.Chatzum) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moses\My Documents\Downloads\SoftonicDownloader_for_123-free-solitaire.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp840\a0270333.exe (Trojan.Agent.DF) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP840\A0271441.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP848\A0275804.exe (Trojan.VB) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moses\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)