Jump to content

Infection


Recommended Posts

I get the following logs when I run DDS, Thanks for any help that can be provided.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2008 5:08:24 PM
System Uptime: 10/1/2013 2:50:39 PM (1 hours ago)
.
Motherboard: Dell Inc. |  |       
Processor: Intel® Core2 Duo CPU     T7700  @ 2.40GHz | Microprocessor | 790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 181 GiB total, 82.095 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP832: 9/11/2013 11:24:44 AM - System Checkpoint
RP833: 9/12/2013 2:17:55 PM - Restore Operation
RP834: 9/12/2013 2:19:57 PM - Restore Operation
RP835: 9/13/2013 4:58:29 PM - System Checkpoint
RP836: 9/13/2013 7:14:33 PM - Software Distribution Service 3.0
RP837: 9/14/2013 12:24:13 AM - Software Distribution Service 3.0
RP838: 9/14/2013 11:18:51 AM - Software Distribution Service 3.0
RP839: 9/15/2013 1:06:08 PM - System Checkpoint
RP840: 9/16/2013 6:17:40 PM - System Checkpoint
RP841: 9/18/2013 2:41:07 AM - Software Distribution Service 3.0
RP842: 9/19/2013 3:35:33 PM - System Checkpoint
RP843: 9/19/2013 5:01:12 PM - Removed Empire Earth III
RP844: 9/19/2013 8:42:20 PM - Removed Empire Earth - The Art of Conquest
RP845: 9/19/2013 8:48:17 PM - Removed SPORE™
RP846: 9/19/2013 8:51:02 PM - Removed Age of Empires III
RP847: 9/21/2013 1:16:39 AM - System Checkpoint
RP848: 9/21/2013 11:07:43 PM - Installed Windows XP Wdf01009.
RP849: 9/23/2013 1:37:21 PM - System Checkpoint
RP850: 9/25/2013 12:00:19 PM - System Checkpoint
RP851: 9/27/2013 4:50:11 PM - System Checkpoint
RP852: 9/28/2013 1:12:03 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP853: 9/29/2013 2:38:25 PM - System Checkpoint
RP854: 10/1/2013 11:47:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
AbiWord 2.6.6
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Advanced Video FX Engine
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft Software Suite
Avery PLP9100
BatteryBar (remove only)
Bejeweled 2 Deluxe 1.1
Bejeweled Twist 1.0
BestPractice (remove only)
BIAS SoundSoap SE 2.4
Bing Maps 3D
Broadcom Management Programs
Caere Scan Manager 5.1
Camera Window
Canon Camera WIA Driver
Canon Camera Window for ZoomBrowser EX
Canon FV M10, OPTURA20 WIA Driver
Canon PhotoRecord
Canon ScanGear Toolbox CS 2.2
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Choice Guard
CNET TechTracker
Codec Pack - All In 1 6.0.3.0
Computrace
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Crysis®
Dawn of War - Dark Crusade
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell System Detect - 1 
Dell System Restore
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Deluo GPS Diagnostics
DesignPro 5.4 Limited Edition
Document Express DjVu Plug-in
Documentation & Support Launcher
EmoDio
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON SPRX620 Reference Guide
EssentialPIM
Family Tree Maker 2009
Games, Music, & Photos Launcher
Garmin City Navigator North America NT 2010.30
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GearDrvs
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
Halo 2 for Windows Vista
High Definition Audio Driver Package - KB835221
HJ-Split 2.2
Home Network Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Puzzle and Board Games Classic
Image Resizer Powertoy for Windows XP
Impulse
Inkscape 0.46
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
IrfanView (remove only)
Java Auto Updater
Java 6 Update 31
Java 7 Update 3
Junk Mail filter update
jv16 PowerTools 2010
K-Lite Codec Pack 3.6.5 Full
Laptop Integrated Webcam Driver (1.04.01.1011)  
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Logitech Gaming LCD Software 1.04
Malwarebytes Anti-Malware version 1.75.0.1300
MediaDirect
Memeo Instant Backup
Microlife BPA 3.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2006
Microsoft USB Flash Drive Manager
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WorldWide Telescope
Microsoft WSE 3.0
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Musicmatch for Windows Media Player
Network Stumbler 0.4.0 (remove only)
News Rover -- Usenet newsreader
Norton 360 Premier Edition
NVIDIA Drivers
NVIDIA PhysX
OeyEnc
OGA Notifier 2.0.0048.0
OmniPage Pro 9.0
OpenOffice.org 3.1
Origami Craft Studio
OutlookAddinSetup
OverDrive Media Console
PhotoStitch
PowerChute Business Edition Console
Pradis Do Not Remove
Pradis: NIV Student Bible Notes, Revised
QualxServ Service Agreement
QuickSet
QuickTime
RarZilla Free Unrar
Rave-MP
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.85
Rhapsody Player Engine
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio PhotoShow
Roxio Update Manager
Roxio Video Capture USB Driver
ScanToWeb
Seagate Dashboard
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sibelius Scorch (ActiveX Only)
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Sonicfire Pro 5
Sonic Activation Module
Steam
SUPERAntiSpyware
swMSM
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls
SySaver
System Requirements Lab
Topo USA 4.0
Trailer Life Campground Navigator 2007
Ultimate Mahjongg 5
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verbose Uninstall
Warhammer 40,000: Dawn Of War - Gold Edition
Warhammer 40,000: Space Marine Demo
WeatherBug
WebFldrs XP
Webshots Desktop
Webshots Wallpaper & Screensaver version 1.1.0.78
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
Windows Driver Package - Prolific (ser2plms) Ports  (04/28/2004 2.0.0.18)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
XPS LightFX SDK
yEnc32 (remove only)
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
9/27/2013 9:21:28 PM, error: DCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {BA126AD1-2166-11D1-B1D0-00805FC1270E}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
9/26/2013 2:02:30 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate1ca28cac94c7e3e) service failed to start due to the following error:  The system cannot find the path specified.
9/26/2013 2:02:30 AM, error: Service Control Manager [7000]  - The AQFileRestoreSrv service failed to start due to the following error:  The system cannot find the file specified.
9/26/2013 2:02:30 AM, error: Service Control Manager [7000]  - The AG Core Services service failed to start due to the following error:  The system cannot find the file specified.
9/26/2013 10:17:00 PM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
10/1/2013 2:57:58 PM, error: System Error [1003]  - Error code 1000000a, parameter1 01da1000, parameter2 0000001c, parameter3 00000000, parameter4 80616561.
10/1/2013 2:46:08 PM, error: Service Control Manager [7011]  - Timeout (120000 milliseconds) waiting for a transaction response from the rpcapd service.
.
==== End Of File ===========================
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.3.0
Run by Moses at 15:00:06 on 2013-10-01
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1985 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\wrapper_inst\file_to_run.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webshots\Wallpaper\WallScreen.exe
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Documents and Settings\Moses\Local Settings\Apps\2.0\4OJOA9GX.J51\765CYZQJ.1ZX\dell..tion_0f612f649c4a10af_0005.0002_7f12339d141e75ac\DellSystemDetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by CenturyLink
uURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - 
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - 
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\moses\local settings\application data\sysaver\temp.dat
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - LocalServer32 - <no file>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\6.4.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\6.4.1.14\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\6.4.1.14\coieplg.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\moses\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DellSystemDetect] c:\documents and settings\moses\start menu\programs\dell\Dell System Detect.appref-ms
uRun: [showBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show
uRun: [Microsoft Webupdater] "c:\program files\common files\microsoft webupdater0\lgzovdrbn.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [instaLAN] "c:\program files\centurylink\home network manager\HomeNetworkManager.exe" startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Microsoft Webupdater] "c:\program files\common files\microsoft webupdater0\lgzovdrbn.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\docume~1\moses\startm~1\programs\startup\webshots wallpaper & screensaver.lnk - c:\program files\webshots\wallpaper\WallScreen.exe
StartupFolder: c:\docume~1\moses\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
IFEO: hijackthis.exe - k_.exe
IFEO: housecalllauncher.exe - d_.exe
IFEO: rstrui.exe - au_.exe
IFEO: spybotsd.exe - v_.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604010.00e\symds.sys [2013-9-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604010.00e\symefa.sys [2013-9-14 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20130924.001\BHDrvx86.sys [2013-9-23 1097304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys [2013-9-14 132768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys [2013-9-14 149624]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-2-23 32512]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2013-9-21 45288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-13 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20130928.002\IDSXpx86.sys [2013-9-30 380832]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\virusdefs\20131001.004\NAVENG.SYS [2013-10-1 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\virusdefs\20131001.004\NAVEX15.SYS [2013-10-1 1612376]
R3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [2007-12-21 117888]
S0 mweetla;mweetla;c:\windows\system32\drivers\kxhtd.sys --> c:\windows\system32\drivers\kxhtd.sys [?]
S2 AGCoreService;AG Core Services;"c:\program files\agi\core\4.2.0.10754\agcoreservice.exe" --> c:\program files\agi\core\4.2.0.10754\AGCoreService.exe [?]
S2 AQFileRestoreSrv;AQFileRestoreSrv;"c:\program files\avanquest\systemsuite\aqfilerestoresrv.exe" --> c:\program files\avanquest\systemsuite\AQFileRestoreSrv.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca28cac94c7e3e;Google Update Service (gupdate1ca28cac94c7e3e);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [2008-1-6 21016]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-1 22856]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 TFilter;TFilter;\??\c:\progra~1\avanquest\systemsuite\tfilter.sys --> c:\progra~1\avanquest\systemsuite\TFilter.sys [?]
.
=============== File Associations ===============
.
ShellExec: oeyenc.eml.exe: open=c:\program files\jboschen\oeyenc\OeyEnc.exe /eml:%L
ShellExec: oeyenc.nws.exe: open=c:\program files\jboschen\oeyenc\OeyEnc.exe /nws:%L
.
=============== Created Last 30 ================
.
2074-05-07 23:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2013-09-22 04:08:09 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2013-09-22 04:07:43 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-09-22 04:07:12 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2013-09-22 04:07:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-09-22 04:06:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
2013-09-18 05:15:57 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\moses\local settings\application data\MFAData
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\moses\local settings\application data\Avg2014
2013-09-18 05:15:57 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-09-18 05:09:07 5402832 ----a-w- c:\documents and settings\all users\application data\pclunst.exe
2013-09-18 05:09:06 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2013-09-18 04:29:11 -------- d-----w- c:\documents and settings\moses\application data\QuickScan
2013-09-17 21:17:32 -------- d-sh--w- c:\program files\common files\Microsoft Webupdater0
2013-09-17 03:43:43 -------- d-----w- c:\documents and settings\moses\application data\Izuty
2013-09-17 03:43:43 -------- d-----w- c:\documents and settings\moses\application data\Iqelcy
2013-09-17 03:43:02 -------- d-----w- c:\documents and settings\moses\application data\tor
2013-09-17 03:42:59 -------- d-----w- c:\documents and settings\moses\application data\Xiwie
2013-09-17 03:42:59 -------- d-----w- c:\documents and settings\moses\application data\Aryf
2013-09-15 19:46:33 736129 ----a-w- c:\program files\microsoft games\spidersolitaire\SpiderSolitaire.exe
2013-09-15 19:46:20 766832 ----a-w- c:\program files\microsoft games\solitaire\Solitaire.exe
2013-09-15 19:46:10 705422 ----a-w- c:\program files\microsoft games\shanghai\Shanghai.exe
2013-09-15 19:46:00 960385 ----a-w- c:\program files\microsoft games\purble place\PurblePlace.exe
2013-09-15 19:45:43 997774 ----a-w- c:\program files\microsoft games\minesweeper\Minesweeper.exe
2013-09-15 19:45:18 731009 ----a-w- c:\program files\microsoft games\hearts\Hearts.exe
2013-09-15 19:44:51 -------- d-----w- c:\documents and settings\moses\local settings\application data\Microsoft Games
2013-09-15 19:44:50 732160 ----a-w- c:\program files\microsoft games\freecell\Freecell.exe
2013-09-15 19:42:57 61440 ----a-w- c:\windows\system32\Vista.Emulation.dll
2013-09-15 19:42:38 -------- d-----w- c:\program files\Vista Games
2013-09-15 18:18:33 -------- d-----w- c:\documents and settings\moses\local settings\application data\SySaver
2013-09-14 19:26:53 924320 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\symefa.sys
2013-09-14 19:26:53 388216 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symtdi.sys
2013-09-14 19:26:53 345208 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symtdiv.sys
2013-09-14 19:26:53 340088 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symds.sys
2013-09-14 19:26:53 32928 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\srtspx.sys
2013-09-14 19:26:53 318584 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\symnets.sys
2013-09-14 19:26:52 574112 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\srtsp.sys
2013-09-14 19:26:52 149624 ----a-r- c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys
2013-09-14 19:26:52 132768 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys
2013-09-14 19:26:37 8942 ----a-w- c:\windows\system32\drivers\n360\0604010.00e\symvtcer.dat
2013-09-14 19:26:37 -------- d-----w- c:\windows\system32\drivers\n360\0604010.00E
2013-09-14 16:19:25 -------- d-----w- c:\windows\system32\MRT
2013-09-14 05:12:40 712264 ----a-w- c:\windows\is-JEM1A.exe
2013-09-14 04:04:45 -------- d-----w- c:\documents and settings\all users\application data\Kristanix Games
2013-09-14 03:38:50 -------- d-----w- c:\program files\Softgame Company
2013-09-14 03:29:35 -------- d-----w- c:\windows\Application Data
2013-09-14 01:13:47 -------- d-----w- c:\program files\wrapper_inst
2013-09-14 00:14:55 -------- d-----w- C:\5e6da590d1206310ac5c8b68b22f43
2013-09-14 00:07:29 -------- d-----w- c:\windows\system32\drivers\N360
2013-09-14 00:07:21 -------- d-----w- c:\program files\Norton 360 Premier Edition
2013-09-13 22:27:04 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-09-13 22:27:04 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-09-13 21:24:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-09-13 21:24:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-09-12 19:40:46 453152 ----a-w- c:\windows\system32\nvudisp.exe
2013-09-12 19:21:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-12 19:21:37 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-12 19:04:56 -------- d-----w- c:\windows\NV59845980.TMP
2013-09-12 18:56:12 -------- d-----w- c:\windows\nview
2013-09-12 18:56:11 -------- d-----w- c:\windows\NV27966000.TMP
2013-09-12 18:55:28 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-09-12 18:30:41 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-09-12 18:30:41 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-09-12 18:30:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-09-12 18:29:58 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-09-12 18:29:58 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 18:29:58 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 18:29:58 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 18:29:58 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-09-12 18:29:57 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 18:15:46 -------- d-----w- c:\program files\NVIDIA Corporation
2013-09-04 17:47:08 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-09-04 17:44:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-09-03 13:53:52 187248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-14 00:09:33 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2013-09-14 00:09:33 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:05:14.64 ===============
 

 

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

RogueKiller V8.7.0 [sep 30 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Moses [Admin rights]

Mode : Scan -- Date : 10/01/2013 15:55:16

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[iFEO] HKLM\[...]\hijackthis.exe : Debugger (k_.exe [x]) -> FOUND

[iFEO] HKLM\[...]\housecalllauncher.exe : Debugger (d_.exe [x]) -> FOUND

[iFEO] HKLM\[...]\rstrui.exe : Debugger (au_.exe [x]) -> FOUND

[iFEO] HKLM\[...]\spybotsd.exe : Debugger (v_.exe [x]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x87A86F70)

[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x87B44C60)

[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x87B1B910)

[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x87B16F70)

[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x87B578D0)

[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x87A86D98)

[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x87B16E20)

[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x87A94580)

[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x87A86A80)

[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x87B239A0)

[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x87AF5DA0)

[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x87A86E40)

[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x87A86ED8)

[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x87BFFC90)

[Address] SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x87AF5CE8)

[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x87A86D00)

[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x87A944F8)

[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x87B1B998)

[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x87A86BD0)

[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x87B23A28)

[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x87B16EC8)

[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x87B44CF8)

[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x87B446A0)

[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x87B44738)

[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x87A86B18)

[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x87A86C68)

[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x87B44D90)

[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x87AF6670)

[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x87B44608)

[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x87AF5C50)

[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x87B1B848)

[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87A9B218)

[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AF0E130)

[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A5789D8)

[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87ABE3C8)

[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87A966B0)

[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x87A87730)

[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x87B16998)

[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87AC0B70)

[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87B62340)

[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87432390)

[inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x28C8C016)

[inline] EAT @explorer.exe (_environ) : MSVCR90.dll -> HOOKED (Unknown @ 0x785CA522)

[inline] EAT @explorer.exe (_environ) : MSVCR80.dll -> HOOKED (Unknown @ 0x02173216)

[inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0xEC172D35)

[inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)

[inline] EAT @explorer.exe (?s_pszStartingCharsLCase@CReservedWordTable@@0PBGB) : fastprox.dll -> HOOKED (Unknown @ 0x05E54A6B)

[inline] EAT @explorer.exe (_environ) : MSVCR100_CLR0400.dll -> HOOKED (Unknown @ 0x08667746)

[inline] EAT @explorer.exe (?_M_truename@?$numpunct@D@_STL@@1V?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@2@A) : stlport_vc7145.dll -> HOOKED (Unknown @ 0x4A553666)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9200420ASG +++++

--- User ---

[MBR] c2427c7aefee7f479b39d16257337868

[bSP] dfe4c0bfa859120fb83a6a1aa43abcee : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 184967 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 378973350 | Size: 2557 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 384210540 | Size: 3176 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10012013_155516.txt >>
Link to post
Share on other sites

Please uninstall SySaver from your add/remove programs.
http://www.systemlookup.com/CLSID/77542-temp_dat.html

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

www.malwarebytes.org

 

Database version: v2013.07.26.06

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Moses :: SHUTTLE [administrator]

 

10/2/2013 7:37:27 PM

mbar-log-2013-10-02 (19-37-27).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 256728

Time elapsed: 42 minute(s), 21 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 4

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe (Security.Hijack) -> Delete on reboot.

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 1839525888

 

Downloaded database version: v2013.10.02.01

Downloaded database version: v2013.09.30.01

Initializing...

======================

------------ Kernel report ------------

     10/01/2013 21:11:01

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.004\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.004\NAVENG.SYS

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130928.002\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\mrxdav.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8aeb8ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8af65030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aeba908, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8af65030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 1647173632

 

Downloaded database version: v2013.10.02.01

Downloaded database version: v2013.09.30.01

Initializing...

=======================================

------------ Kernel report ------------

     10/01/2013 22:48:58

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.017\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.017\NAVENG.SYS

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\mrxdav.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a9c0ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8af66030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a9c0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8af578f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a9c0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8af66030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

Scan Interrupted

Scan was aborted.

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 2126794752

 

Initializing...

======================

------------ Kernel report ------------

     10/02/2013 17:01:34

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVENG.SYS

\SystemRoot\system32\DRIVERS\b57xp32.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8aebd030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8af50030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8af6c8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8af50030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 2232762368

 

Initializing...

======================

------------ Kernel report ------------

     10/02/2013 17:41:55

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8afd25a8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8af4f030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aeb3908, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8af4f030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 2608160768

 

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 2236424192

 

=======================================

Initializing...

------------ Kernel report ------------

     10/02/2013 18:43:29

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

\WINDOWS\system32\drivers\CLASSPNP.SYS

imofugc.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVENG.SYS

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\mrxdav.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8af61030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8a9c1030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8afb8198, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a9c1030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.395000 GHz

Memory total: 3219116032, free: 2653536256

 

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.395000 GHz

Memory total: 3219116032, free: 2185707520

 

Host not found

=======================================

Initializing...

------------ Kernel report ------------

     10/02/2013 19:37:04

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

\WINDOWS\system32\drivers\CLASSPNP.SYS

imofugc.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

iaStor.sys

disk.sys

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl5.sys

\SystemRoot\system32\DRIVERS\physX32.sys

\SystemRoot\system32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btkrnl.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\btaudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\drivers\sthda.sys

\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys

\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys

\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\System32\Drivers\btwusb.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\Wdf01000.sys

\SystemRoot\system32\DRIVERS\point32.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\??\C:\Program Files\Broadcom\BACS\BASFND.sys

\??\C:\WINDOWS\system32\drivers\btserial.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8af63030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8a9c0030

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8af6b908, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a9c0030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 41AB2316

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 160587

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 160650  Numsec = 378812700

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 378973350  Numsec = 5237190

 

    Partition 3 type is Other (0xdb)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 384210540  Numsec = 6506325

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 3219116032, free: 2610515968

 

=======================================

 

Link to post
Share on other sites

Don't worry about those for now.

Run ComboFix:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I ran Combofix and it went all the way through and restarted to my normal desktop with the blue box telling me it was preparing a log and after there is still  no log. I really appreciate you taking your time to assist me. Maybe I have been doing something wrong or just a bad infection?  There was a baloon popup in the lower right corner of my tool bar saying "pev,3xe-corrupt file" and "c:\\windows\prefetch\ CCSVCHST.EXE-2237-2237FED6.PF   Corrupt and unreadable Run chkdsk utility"         Thank you, Roger

Link to post
Share on other sites

OK, lets do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system) (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

Link to post
Share on other sites


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013

Ran by Moses (administrator) on SHUTTLE on 03-10-2013 19:18:23

Running from C:\Documents and Settings\Moses\My Documents\Downloads

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

() C:\WINDOWS\System32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Affinegy, Inc.) C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\wrapper_inst\file_to_run.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe

(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

(SigmaTel, Inc.) C:\WINDOWS\system32\STacSV.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe

(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe

(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe

(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\Quickset.exe

(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe

(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe

(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-17] (Synaptics, Inc.)

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [nwiz] - nwiz.exe /installquiet

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)

HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [775952 2007-07-17] (Logitech Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Windows\stsystra.exe [405504 2007-07-17] (SigmaTel, Inc.)

HKLM\...\Run: [instaLAN] - C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe [1144128 2009-10-05] (Affinegy, Inc.)

HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )

HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\Quickset.exe [1245184 2008-02-22] (Dell Inc.)

HKLM\...\Run: [iSUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-17] (RealNetworks, Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [NVHotkey] - rundll32.exe nvHotkey.dll,Start

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [Windows Update Service] - "C:\Program Files\Common Files\Windows Update Service0\wfwhhydlr.exe"

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1343488 2006-04-07] (AWS Convergence Technologies, Inc.)

HKCU\...\Run: [showBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()

HKCU\...\Run: [Windows Update Service] - "C:\Program Files\Common Files\Windows Update Service0\wfwhhydlr.exe"

IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe

IMEO\housecalllauncher.exe: [Debugger] pghyfxdb_.exe

IMEO\rstrui.exe: [Debugger] j_.exe

IMEO\spybotsd.exe: [Debugger] sttezftc_.exe

BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)



SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}




SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis


SearchScopes: HKCU - {E38984B5-F962-4D01-8CED-5C73AA668B9F} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english

BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -  No File

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {84A6AEA7-C34B-4246-9A00-05AD7A36BF00} -  No File

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab





DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab


DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll



DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB


DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab

DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://www.lojackforlaptops.com/ctmweb/testoc.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelgraphics.com/l2/bin/cortvrml.cab



DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab


DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB






DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} http://fdl.msn.com/public/investor/v13/ticker.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1

CHR Extension: (The Simple Life) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jjbgfbonmdidcihleedajlcaidfhffac\1_0

CHR Extension: (Norton Identity Protection) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.18.4_1

CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1

CHR Extension: (Gmail) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\Exts\Chrome.crx

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)

R2 AffinegyService; C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe [390464 2009-10-05] (Affinegy, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)

R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)

R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.)

R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-13] ()

R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)

R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)

R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2007-07-17] (SigmaTel, Inc.)

S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)

R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)

S2 AGCoreService; "C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe" [x]

S2 AQFileRestoreSrv; "C:\Program Files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" [x]

S2 gupdate1ca28cac94c7e3e; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]

S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

S2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]

S2 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 AFGSp50; C:\Windows\System32\Drivers\AFGSp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))

R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)

R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-17] (Broadcom Corporation)

R2 BASFND; C:\Program Files\Broadcom\BACS\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)

R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)

R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-23] (Symantec Corporation)

R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [328237 2006-05-24] (Broadcom Corporation.)

S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30427 2006-05-24] (Broadcom Corporation.)

R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [851434 2006-05-24] (Broadcom Corporation.)

R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-24] (Broadcom Corporation.)

S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148900 2006-05-24] (Broadcom Corporation.)

S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [45683 2006-05-24] (Broadcom Corporation.)

S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [30285 2006-05-24] (Broadcom Corporation.)

R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66488 2006-05-24] (Broadcom Corporation.)

R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)

R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2009-10-20] (Sonic Solutions)

R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2009-10-20] (Sonic Solutions)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-24] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-13] (Symantec Corporation)

S2 HidCom; C:\Windows\System32\DRIVERS\HidCom.sys [21016 2004-08-10] (Cypress Semiconductor)

R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSxpx86.sys [380832 2013-09-13] (Symantec Corporation)

S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36736 2006-03-28] (Logitech, Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15104 2004-07-09] (Microsoft Corporation)

S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)

R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVENG.SYS [93272 2013-09-24] (Symantec Corporation)

R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVEX15.SYS [1612376 2013-09-24] (Symantec Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))

R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-06-07] (Creative Technology Ltd.)

S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-10] (Ralink Technology Inc.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2004-07-22] (Prolific Technology Inc.)

R1 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)

R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-07-17] (SigmaTel, Inc.)

R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [141944 2013-09-13] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDI.SYS [388216 2011-11-16] (Symantec Corporation)

S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)

S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)

S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]

S3 AQFileRestore; system32\DRIVERS\AQFileRestore.sys [x]

S3 catchme; \??\C:\DOCUME~1\Moses\LOCALS~1\Temp\catchme.sys [x]

S3 LMouKE; system32\DRIVERS\LMouKE.Sys [x]

S0 mweetla; System32\drivers\kxhtd.sys [x]

S3 neokdss; system32\Drivers\neokdss.sys [x]

S3 rt2870; system32\DRIVERS\rt2870.sys [x]

S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S3 TFilter; \??\C:\PROGRA~1\Avanquest\SystemSuite\TFilter.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\FRST

2013-10-03 17:15 - 2013-10-03 18:46 - 00000000 __SHD C:\Program Files\Common Files\Windows Update Service0

2013-10-03 17:02 - 2013-10-03 17:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG

2013-10-03 16:44 - 2013-10-03 17:16 - 00000000 ____D C:\ComboFix

2013-10-03 16:23 - 2013-10-03 16:24 - 05130107 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\ComboFix.exe

2013-10-03 15:27 - 2013-10-03 15:27 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MAYO.wps

2013-10-03 12:33 - 2013-10-03 12:33 - 00000000 _RSHD C:\cmdcons

2013-10-03 12:33 - 2012-02-19 23:11 - 00000211 _____ C:\Boot.bak

2013-10-03 12:33 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr

2013-10-03 12:25 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2013-10-03 12:25 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2013-10-03 12:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe

2013-10-03 12:25 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe

2013-10-02 22:15 - 2013-10-03 17:04 - 00000000 ____D C:\Qoobox

2013-10-02 22:13 - 2013-10-03 17:02 - 00000000 ____D C:\WINDOWS\erdnt

2013-10-02 17:24 - 2013-10-02 17:24 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-02.dmp

2013-10-02 11:22 - 2013-10-02 11:22 - 00012800 _____ C:\Documents and Settings\Moses\Desktop\Chicken-n-Slicks.wps

2013-10-02 00:11 - 2013-10-02 00:11 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp

2013-10-01 22:26 - 2013-10-01 22:26 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-02.dmp

2013-10-01 21:04 - 2013-10-02 20:33 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\mbar

2013-10-01 21:01 - 2013-10-01 21:03 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Moses\Desktop\mbar-1.07.0.1005.exe

2013-10-01 15:55 - 2013-10-01 15:55 - 00006600 _____ C:\Documents and Settings\Moses\Desktop\RKreport[0]_S_10012013_155516.txt

2013-10-01 15:50 - 2013-10-01 15:55 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RK_Quarantine

2013-10-01 15:50 - 2013-10-01 15:50 - 00948736 _____ C:\Documents and Settings\Moses\Desktop\RogueKiller.exe

2013-10-01 15:05 - 2013-10-01 15:12 - 00023133 _____ C:\Documents and Settings\Moses\Desktop\dds.txt

2013-10-01 15:05 - 2013-10-01 15:11 - 00025728 _____ C:\Documents and Settings\Moses\Desktop\attach.txt

2013-10-01 14:51 - 2013-10-01 14:51 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp

2013-10-01 14:41 - 2013-10-01 14:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\dds.com

2013-09-29 11:45 - 2013-09-29 11:45 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MALWARE.wps

2013-09-28 19:07 - 2013-09-28 19:07 - 00010240 _____ C:\Documents and Settings\Moses\Desktop\Christmas.wps

2013-09-28 01:12 - 2013-09-28 14:28 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Webshots

2013-09-28 01:11 - 2013-09-28 01:11 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\WebShots Playlist

2013-09-28 01:10 - 2013-09-28 01:22 - 62821672 _____ (Webshots                                                    ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest (1).exe

2013-09-28 00:56 - 2013-09-28 01:07 - 62821672 _____ (Webshots                                                    ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest.exe

2013-09-24 19:42 - 2013-09-25 00:41 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Smoothie and Juice

2013-09-23 15:27 - 2013-09-23 15:27 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Chili 'Pie'.wps

2013-09-21 23:08 - 2013-09-22 02:20 - 00000290 _____ C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse

2013-09-21 23:08 - 2011-08-01 15:56 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys

2013-09-21 23:07 - 2013-09-21 23:07 - 00004259 _____ C:\WINDOWS\Wdf01009Inst.log

2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$

2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2013-09-21 23:07 - 2011-08-01 15:56 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll

2013-09-21 23:07 - 2011-08-01 15:56 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys

2013-09-21 23:07 - 2008-11-07 18:55 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll

2013-09-21 23:06 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint

2013-09-19 01:15 - 2013-09-19 01:15 - 00019456 _____ C:\Documents and Settings\Moses\Desktop\Slow Cooker Beef Bourguignon.wps

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\MFAData

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Avg2014

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData

2013-09-18 00:09 - 2013-09-18 00:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data

2013-09-18 00:09 - 2013-09-18 00:08 - 05402832 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe

2013-09-17 23:29 - 2013-09-17 23:29 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\QuickScan

2013-09-17 23:24 - 2013-09-17 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee

2013-09-17 16:17 - 2013-10-03 17:15 - 00000000 __SHD C:\Program Files\Common Files\Microsoft Webupdater0

2013-09-16 22:43 - 2013-09-18 01:03 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\tor

2013-09-16 22:42 - 2013-09-18 01:20 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Aryf

2013-09-16 22:42 - 2013-09-17 23:00 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Xiwie

2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Vista Games

2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Microsoft Games

2013-09-15 14:44 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Microsoft Games

2013-09-15 14:42 - 2013-09-15 14:42 - 00000000 ____D C:\Program Files\Vista Games

2013-09-15 14:42 - 2007-05-17 07:55 - 00061440 _____ (Rafael & ZoRoNaX) C:\WINDOWS\system32\Vista.Emulation.dll

2013-09-15 13:18 - 2013-10-01 20:39 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\SySaver

2013-09-15 01:45 - 2013-09-15 01:45 - 04663296 _____ C:\Documents and Settings\Moses\My Documents\Little Go Bipe.wps

2013-09-14 17:30 - 2013-09-14 17:30 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Dell DVD DRIVE.wps

2013-09-14 12:43 - 2013-09-14 12:43 - 00139192 _____ C:\WINDOWS\KB2870699-IE8.log

2013-09-14 12:38 - 2013-09-14 12:38 - 00132666 _____ C:\WINDOWS\KB2834886.log

2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$

2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$

2013-09-14 12:28 - 2013-09-14 12:28 - 00129216 _____ C:\WINDOWS\KB2834904-v2.log

2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$

2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$

2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$

2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$

2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$

2013-09-14 12:20 - 2013-09-14 12:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$

2013-09-14 12:13 - 2013-09-14 12:13 - 00131753 _____ C:\WINDOWS\KB2753842-v2.log

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$

2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-09-14 12:02 - 2013-09-14 12:02 - 00130837 _____ C:\WINDOWS\KB2807986.log

2013-09-14 12:02 - 2013-09-14 12:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$

2013-09-14 12:01 - 2013-09-14 12:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$

2013-09-14 12:00 - 2013-09-14 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$

2013-09-14 11:59 - 2013-09-14 11:59 - 00130600 _____ C:\WINDOWS\KB2820197.log

2013-09-14 11:59 - 2013-09-14 11:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$

2013-09-14 11:58 - 2013-09-14 11:58 - 00127218 _____ C:\WINDOWS\KB2863058.log

2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$

2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-09-14 11:56 - 2013-09-14 11:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$

2013-09-14 11:44 - 2013-09-14 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$

2013-09-14 11:43 - 2013-09-14 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$

2013-09-14 11:19 - 2013-09-14 11:29 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-09-14 11:10 - 2013-09-14 11:10 - 00013312 _____ C:\Documents and Settings\Moses\Desktop\BofA 09-16-12.wps

2013-09-14 00:12 - 2013-09-14 00:12 - 00712264 _____ C:\WINDOWS\is-JEM1A.exe

2013-09-14 00:12 - 2013-09-14 00:12 - 00011277 _____ C:\WINDOWS\is-JEM1A.msg

2013-09-14 00:12 - 2013-09-14 00:12 - 00000418 _____ C:\WINDOWS\is-JEM1A.lst

2013-09-13 23:04 - 2013-09-13 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kristanix Games

2013-09-13 22:52 - 2013-09-13 22:52 - 00001168 _____ C:\WINDOWS\msvxdll.ini

2013-09-13 22:38 - 2013-09-13 22:38 - 00000000 ____D C:\Program Files\Softgame Company

2013-09-13 20:14 - 2013-10-02 22:17 - 00000368 _____ C:\WINDOWS\Tasks\At1.job

2013-09-13 20:14 - 2013-10-02 22:17 - 00000298 _____ C:\WINDOWS\Tasks\pcreg.job

2013-09-13 20:13 - 2013-09-26 15:27 - 00000000 ____D C:\Program Files\wrapper_inst

2013-09-13 19:14 - 2013-09-13 19:14 - 00000000 ____D C:\5e6da590d1206310ac5c8b68b22f43

2013-09-13 19:09 - 2013-09-15 11:35 - 00002004 _____ C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK

2013-09-13 19:07 - 2013-09-15 11:37 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360

2013-09-13 19:07 - 2013-09-15 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier Edition

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Program Files\Norton 360 Premier Edition

2013-09-13 18:53 - 2013-09-13 19:06 - 00000779 _____ C:\Documents and Settings\Moses\Desktop\Norton Installation Files.lnk

2013-09-13 17:41 - 2013-09-14 12:39 - 00146067 _____ C:\WINDOWS\KB2758857.log

2013-09-13 17:36 - 2013-09-14 12:28 - 00144768 _____ C:\WINDOWS\KB2802968.log

2013-09-13 17:34 - 2013-09-14 12:27 - 00144909 _____ C:\WINDOWS\KB2780091.log

2013-09-13 17:34 - 2013-09-14 12:27 - 00142115 _____ C:\WINDOWS\KB2845187.log

2013-09-13 17:34 - 2013-09-14 12:25 - 00143548 _____ C:\WINDOWS\KB2876315.log

2013-09-13 17:34 - 2013-09-14 12:25 - 00142066 _____ C:\WINDOWS\KB2876217.log

2013-09-13 17:30 - 2013-09-14 12:21 - 00141543 _____ C:\WINDOWS\KB2864063.log

2013-09-13 17:29 - 2013-09-14 12:13 - 00141584 _____ C:\WINDOWS\KB2850869.log

2013-09-13 17:27 - 2013-09-14 12:03 - 00142715 _____ C:\WINDOWS\KB2859537.log

2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys

2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys

2013-09-13 17:26 - 2013-09-14 12:01 - 00142899 _____ C:\WINDOWS\KB2820917.log

2013-09-13 17:26 - 2013-09-14 12:00 - 00142080 _____ C:\WINDOWS\KB2757638.log

2013-09-13 17:26 - 2013-09-14 11:59 - 00142372 _____ C:\WINDOWS\KB2749655.log

2013-09-13 17:25 - 2013-09-14 11:56 - 00140492 _____ C:\WINDOWS\KB2727528.log

2013-09-13 17:24 - 2013-09-14 11:44 - 00141302 _____ C:\WINDOWS\KB2661254-v2.log

2013-09-13 17:23 - 2013-09-14 11:43 - 00143370 _____ C:\WINDOWS\KB2813345.log

2013-09-13 16:23 - 2013-09-13 16:24 - 00000000 ____D C:\Program Files\QuickTime

2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2013-09-13 15:39 - 2013-09-25 00:59 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RECIPIES

2013-09-12 14:40 - 2013-10-03 18:45 - 00185449 _____ C:\WINDOWS\system32\nvapps.xml

2013-09-12 14:40 - 2008-10-23 02:09 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvudisp.exe

2013-09-12 14:12 - 2013-09-20 09:24 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Dell

2013-09-12 14:04 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV59845980.TMP

2013-09-12 13:56 - 2013-09-12 14:45 - 00000000 ____D C:\WINDOWS\nview

2013-09-12 13:56 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV27966000.TMP

2013-09-12 13:56 - 2008-10-23 02:09 - 00018477 _____ C:\WINDOWS\system32\nvdisp.nvu

2013-09-12 13:55 - 2008-10-20 23:16 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE

2013-09-12 13:33 - 2013-01-31 06:22 - 00015449 _____ C:\WINDOWS\system32\nvinfo.pb

2013-09-12 13:30 - 2013-09-12 13:34 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin

2013-09-12 13:30 - 2013-09-12 13:34 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin

2013-09-12 13:30 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin

2013-09-12 13:30 - 2013-09-12 13:30 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk

2013-09-12 13:29 - 2013-01-31 06:22 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2013-09-12 13:29 - 2013-01-31 06:22 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2013-09-12 13:29 - 2013-01-31 06:22 - 02816504 _____ C:\WINDOWS\system32\nvdata.data

2013-09-12 13:29 - 2013-01-31 06:22 - 02581792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2013-09-12 13:29 - 2013-01-31 06:22 - 01869088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll

2013-09-12 13:29 - 2013-01-31 06:22 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll

2013-09-12 13:29 - 2013-01-31 06:22 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll

2013-09-12 13:15 - 2013-09-12 14:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-09-12 13:05 - 2013-09-12 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA

2013-09-12 11:36 - 2013-09-12 11:37 - 00008628 ____H C:\WINDOWS\system32\SafeGuard20.GID

2013-09-12 11:18 - 2013-09-12 11:18 - 00000000 _____ C:\WINDOWS\SafeGuard20.INI

2013-09-11 09:16 - 2013-10-03 18:45 - 00000412 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Moses.job

2013-09-11 09:11 - 2013-10-02 09:19 - 00000406 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Moses.job

2013-09-11 09:11 - 2013-10-02 09:19 - 00000402 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_Moses.job

2013-09-04 12:48 - 2013-09-04 12:48 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache

2013-09-04 12:47 - 2013-09-04 12:47 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll

2013-09-04 12:44 - 2013-09-04 12:44 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe

 

==================== One Month Modified Files and Folders =======

 

2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\FRST

2013-10-03 19:17 - 2008-04-07 16:10 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB70761C-307A-4237-8C57-61685BA35B49}.job

2013-10-03 18:53 - 2012-05-03 19:47 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005UA.job

2013-10-03 18:46 - 2013-10-03 17:15 - 00000000 __SHD C:\Program Files\Common Files\Windows Update Service0

2013-10-03 18:45 - 2013-09-12 14:40 - 00185449 _____ C:\WINDOWS\system32\nvapps.xml

2013-10-03 18:45 - 2013-09-11 09:16 - 00000412 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Moses.job

2013-10-03 18:45 - 2007-12-21 05:35 - 00027839 _____ C:\WINDOWS\system32\nvModes.001

2013-10-03 18:45 - 2004-08-11 18:13 - 01564097 _____ C:\WINDOWS\WindowsUpdate.log

2013-10-03 18:45 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-10-03 18:44 - 2004-08-11 18:09 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-10-03 18:44 - 2004-08-11 18:09 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-10-03 18:42 - 2012-01-13 22:21 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job

2013-10-03 18:42 - 2010-11-18 11:05 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110049081-3069564722-2619245935-1005.job

2013-10-03 18:42 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-10-03 18:40 - 2004-08-11 18:20 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt

2013-10-03 17:21 - 2012-01-13 22:21 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job

2013-10-03 17:16 - 2013-10-03 16:44 - 00000000 ____D C:\ComboFix

2013-10-03 17:15 - 2013-09-17 16:17 - 00000000 __SHD C:\Program Files\Common Files\Microsoft Webupdater0

2013-10-03 17:07 - 2004-08-11 18:00 - 00000242 _____ C:\WINDOWS\system.ini

2013-10-03 17:04 - 2013-10-02 22:15 - 00000000 ____D C:\Qoobox

2013-10-03 17:02 - 2013-10-03 17:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG

2013-10-03 17:02 - 2013-10-02 22:13 - 00000000 ____D C:\WINDOWS\erdnt

2013-10-03 17:02 - 2008-01-03 18:09 - 00000178 ___SH C:\Documents and Settings\Moses\ntuser.ini

2013-10-03 17:02 - 2004-08-11 12:06 - 53477376 _____ C:\WINDOWS\system32\config\SOFTWARE.bak

2013-10-03 17:02 - 2004-08-11 12:06 - 08912896 _____ C:\WINDOWS\system32\config\SYSTEM.bak

2013-10-03 17:02 - 2004-08-11 12:06 - 00786432 _____ C:\WINDOWS\system32\config\DEFAULT.bak

2013-10-03 17:02 - 2004-08-11 12:06 - 00073728 _____ C:\WINDOWS\system32\config\SECURITY.bak

2013-10-03 17:02 - 2004-08-11 12:06 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak

2013-10-03 16:58 - 2008-01-03 18:09 - 00000000 ____D C:\Documents and Settings\Moses

2013-10-03 16:24 - 2013-10-03 16:23 - 05130107 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\ComboFix.exe

2013-10-03 15:27 - 2013-10-03 15:27 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MAYO.wps

2013-10-03 15:27 - 2008-01-05 01:07 - 00039802 _____ C:\Documents and Settings\Moses\Application Data\wklnhst.dat

2013-10-03 15:27 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2013-10-03 12:33 - 2013-10-03 12:33 - 00000000 _RSHD C:\cmdcons

2013-10-03 12:33 - 2004-08-11 18:00 - 00000327 __RSH C:\boot.ini

2013-10-02 22:17 - 2013-09-13 20:14 - 00000368 _____ C:\WINDOWS\Tasks\At1.job

2013-10-02 22:17 - 2013-09-13 20:14 - 00000298 _____ C:\WINDOWS\Tasks\pcreg.job

2013-10-02 20:42 - 2010-01-15 15:19 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Deployment

2013-10-02 20:34 - 2008-01-04 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB920872$

2013-10-02 20:33 - 2013-10-01 21:04 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\mbar

2013-10-02 17:34 - 2008-01-03 23:36 - 00000000 __SHD C:\WINDOWS\CSC

2013-10-02 17:24 - 2013-10-02 17:24 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-02.dmp

2013-10-02 17:24 - 2008-10-16 13:59 - 00000000 ____D C:\WINDOWS\Minidump

2013-10-02 15:53 - 2012-05-03 19:47 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005Core.job

2013-10-02 15:44 - 2011-03-08 22:10 - 00522696 _____ C:\WINDOWS\setupapi.log

2013-10-02 11:22 - 2013-10-02 11:22 - 00012800 _____ C:\Documents and Settings\Moses\Desktop\Chicken-n-Slicks.wps

2013-10-02 09:19 - 2013-09-11 09:11 - 00000406 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Moses.job

2013-10-02 09:19 - 2013-09-11 09:11 - 00000402 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_Moses.job

2013-10-02 00:11 - 2013-10-02 00:11 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp

2013-10-01 22:26 - 2013-10-01 22:26 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-02.dmp

2013-10-01 21:03 - 2013-10-01 21:01 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Moses\Desktop\mbar-1.07.0.1005.exe

2013-10-01 20:39 - 2013-09-15 13:18 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\SySaver

2013-10-01 15:55 - 2013-10-01 15:55 - 00006600 _____ C:\Documents and Settings\Moses\Desktop\RKreport[0]_S_10012013_155516.txt

2013-10-01 15:55 - 2013-10-01 15:50 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RK_Quarantine

2013-10-01 15:50 - 2013-10-01 15:50 - 00948736 _____ C:\Documents and Settings\Moses\Desktop\RogueKiller.exe

2013-10-01 15:12 - 2013-10-01 15:05 - 00023133 _____ C:\Documents and Settings\Moses\Desktop\dds.txt

2013-10-01 15:11 - 2013-10-01 15:05 - 00025728 _____ C:\Documents and Settings\Moses\Desktop\attach.txt

2013-10-01 14:51 - 2013-10-01 14:51 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp

2013-10-01 14:41 - 2013-10-01 14:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\dds.com

2013-09-29 14:17 - 2009-03-18 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

2013-09-29 14:14 - 2010-03-10 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Norton

2013-09-29 11:52 - 2007-12-21 05:35 - 00027839 _____ C:\WINDOWS\system32\nvModes.dat

2013-09-29 11:50 - 2009-05-29 14:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-09-29 11:45 - 2013-09-29 11:45 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MALWARE.wps

2013-09-28 19:07 - 2013-09-28 19:07 - 00010240 _____ C:\Documents and Settings\Moses\Desktop\Christmas.wps

2013-09-28 14:28 - 2013-09-28 01:12 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Webshots

2013-09-28 11:48 - 2009-05-18 21:29 - 00000000 ____D C:\Program Files\Common Files\Logishrd

2013-09-28 02:24 - 2009-12-25 16:40 - 00196608 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2013-09-28 01:22 - 2013-09-28 01:10 - 62821672 _____ (Webshots                                                    ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest (1).exe

2013-09-28 01:11 - 2013-09-28 01:11 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\WebShots Playlist

2013-09-28 01:11 - 2008-01-16 01:20 - 00000000 ____D C:\Program Files\Webshots

2013-09-28 01:07 - 2013-09-28 00:56 - 62821672 _____ (Webshots                                                    ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest.exe

2013-09-28 01:06 - 2009-05-18 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogiShrd

2013-09-28 01:06 - 2007-12-21 06:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech

2013-09-28 01:06 - 2007-12-21 06:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-09-28 01:05 - 2011-07-19 23:03 - 00014715 _____ C:\WINDOWS\LDPINST.LOG

2013-09-27 15:58 - 2008-04-26 15:35 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-09-26 15:29 - 2011-04-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2511455$

2013-09-26 15:27 - 2013-09-13 20:13 - 00000000 ____D C:\Program Files\wrapper_inst

2013-09-26 14:17 - 2010-11-18 11:05 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110049081-3069564722-2619245935-1005.job

2013-09-25 23:54 - 2011-02-14 00:01 - 00105386 _____ C:\WINDOWS\wmsetup.log

2013-09-25 00:59 - 2013-09-13 15:39 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RECIPIES

2013-09-25 00:41 - 2013-09-24 19:42 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Smoothie and Juice

2013-09-23 21:37 - 2009-04-20 03:08 - 00000703 _____ C:\WINDOWS\NewsRover.INI

2013-09-23 21:29 - 2009-03-22 00:40 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\New Folder

2013-09-23 15:27 - 2013-09-23 15:27 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Chili 'Pie'.wps

2013-09-22 17:04 - 2008-01-05 00:16 - 00073728 _____ C:\Documents and Settings\Moses\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-22 10:09 - 2007-12-21 06:38 - 00122984 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-09-22 10:09 - 2004-08-11 18:06 - 00415064 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-09-22 02:20 - 2013-09-21 23:08 - 00000290 _____ C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse

2013-09-21 23:08 - 2011-03-01 10:45 - 00005356 _____ C:\WINDOWS\setupact.log

2013-09-21 23:08 - 2007-12-21 05:33 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups

2013-09-21 23:07 - 2013-09-21 23:07 - 00004259 _____ C:\WINDOWS\Wdf01009Inst.log

2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$

2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2013-09-21 23:07 - 2011-03-01 10:45 - 00803126 _____ C:\WINDOWS\iis6.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00739094 _____ C:\WINDOWS\FaxSetup.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00354720 _____ C:\WINDOWS\ocgen.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00338535 _____ C:\WINDOWS\tsoc.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00247818 _____ C:\WINDOWS\comsetup.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00226918 _____ C:\WINDOWS\msmqinst.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00150043 _____ C:\WINDOWS\ntdtcsetup.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00129960 _____ C:\WINDOWS\netfxocm.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00051000 _____ C:\WINDOWS\MedCtrOC.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00041040 _____ C:\WINDOWS\ocmsn.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00037320 _____ C:\WINDOWS\tabletoc.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00037080 _____ C:\WINDOWS\msgsocm.log

2013-09-21 23:07 - 2011-03-01 10:45 - 00001374 _____ C:\WINDOWS\imsins.log

2013-09-21 23:06 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint

2013-09-21 15:58 - 2008-01-28 17:47 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Folders

2013-09-20 22:20 - 2012-03-10 16:32 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Hoyle Puzzle and Board Games

2013-09-20 09:24 - 2013-09-12 14:12 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Dell

2013-09-19 23:18 - 2010-11-28 22:04 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment

2013-09-19 20:59 - 2009-04-28 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games

2013-09-19 20:48 - 2008-04-15 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts

2013-09-19 20:45 - 2008-04-05 14:26 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Microsoft Games

2013-09-19 20:45 - 2008-01-06 16:53 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\My Games

2013-09-19 20:44 - 2008-02-20 22:43 - 00000000 ____D C:\Program Files\Microsoft Games

2013-09-19 20:42 - 2008-01-04 21:13 - 00000316 ____C C:\WINDOWS\SIERRA.INI

2013-09-19 20:42 - 2008-01-04 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sierra

2013-09-19 20:42 - 2007-12-21 06:14 - 00000000 ____D C:\Program Files\Common Files\InstallShield

2013-09-19 13:11 - 2008-01-15 00:29 - 00000000 ____D C:\Program Files\yEnc32

2013-09-19 01:15 - 2013-09-19 01:15 - 00019456 _____ C:\Documents and Settings\Moses\Desktop\Slow Cooker Beef Bourguignon.wps

2013-09-18 03:43 - 2004-08-11 18:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-09-18 01:21 - 2008-01-04 00:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB936357$

2013-09-18 01:20 - 2013-09-16 22:42 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Aryf

2013-09-18 01:10 - 2008-12-30 03:53 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2013-09-18 01:03 - 2013-09-16 22:43 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\tor

2013-09-18 00:34 - 2013-09-18 00:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\MFAData

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Avg2014

2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData

2013-09-18 00:08 - 2013-09-18 00:09 - 05402832 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe

2013-09-17 23:29 - 2013-09-17 23:29 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\QuickScan

2013-09-17 23:24 - 2013-09-17 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee

2013-09-17 23:00 - 2013-09-16 22:42 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Xiwie

2013-09-15 23:37 - 2008-01-04 06:45 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\WeatherBug

2013-09-15 14:46 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Vista Games

2013-09-15 14:46 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Microsoft Games

2013-09-15 14:44 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Microsoft Games

2013-09-15 14:42 - 2013-09-15 14:42 - 00000000 ____D C:\Program Files\Vista Games

2013-09-15 11:37 - 2013-09-13 19:07 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360

2013-09-15 11:35 - 2013-09-13 19:09 - 00002004 _____ C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK

2013-09-15 11:35 - 2013-09-13 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier Edition

2013-09-15 01:45 - 2013-09-15 01:45 - 04663296 _____ C:\Documents and Settings\Moses\My Documents\Little Go Bipe.wps

2013-09-14 17:30 - 2013-09-14 17:30 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Dell DVD DRIVE.wps

2013-09-14 14:01 - 2008-04-11 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-09-14 13:58 - 2009-12-10 03:40 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\BatteryBar

2013-09-14 12:55 - 2004-08-11 18:07 - 00604440 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-09-14 12:43 - 2013-09-14 12:43 - 00139192 _____ C:\WINDOWS\KB2870699-IE8.log

2013-09-14 12:43 - 2011-03-01 10:45 - 00131654 _____ C:\WINDOWS\updspapi.log

2013-09-14 12:43 - 2011-03-01 10:45 - 00001374 _____ C:\WINDOWS\imsins.BAK

2013-09-14 12:39 - 2013-09-13 17:41 - 00146067 _____ C:\WINDOWS\KB2758857.log

2013-09-14 12:38 - 2013-09-14 12:38 - 00132666 _____ C:\WINDOWS\KB2834886.log

2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$

2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$

2013-09-14 12:28 - 2013-09-14 12:28 - 00129216 _____ C:\WINDOWS\KB2834904-v2.log

2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$

2013-09-14 12:28 - 2013-09-13 17:36 - 00144768 _____ C:\WINDOWS\KB2802968.log

2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$

2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$

2013-09-14 12:27 - 2013-09-13 17:34 - 00144909 _____ C:\WINDOWS\KB2780091.log

2013-09-14 12:27 - 2013-09-13 17:34 - 00142115 _____ C:\WINDOWS\KB2845187.log

2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$

2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$

2013-09-14 12:25 - 2013-09-13 17:34 - 00143548 _____ C:\WINDOWS\KB2876315.log

2013-09-14 12:25 - 2013-09-13 17:34 - 00142066 _____ C:\WINDOWS\KB2876217.log

2013-09-14 12:21 - 2013-09-13 17:30 - 00141543 _____ C:\WINDOWS\KB2864063.log

2013-09-14 12:20 - 2013-09-14 12:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$

2013-09-14 12:13 - 2013-09-14 12:13 - 00131753 _____ C:\WINDOWS\KB2753842-v2.log

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$

2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$

2013-09-14 12:13 - 2013-09-13 17:29 - 00141584 _____ C:\WINDOWS\KB2850869.log

2013-09-14 12:13 - 2007-12-21 06:04 - 00000000 ___HD C:\WINDOWS\$hf_mig$

2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-09-14 12:03 - 2013-09-13 17:27 - 00142715 _____ C:\WINDOWS\KB2859537.log

2013-09-14 12:02 - 2013-09-14 12:02 - 00130837 _____ C:\WINDOWS\KB2807986.log

2013-09-14 12:02 - 2013-09-14 12:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$

2013-09-14 12:01 - 2013-09-14 12:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$

2013-09-14 12:01 - 2013-09-13 17:26 - 00142899 _____ C:\WINDOWS\KB2820917.log

2013-09-14 12:00 - 2013-09-14 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$

2013-09-14 12:00 - 2013-09-13 17:26 - 00142080 _____ C:\WINDOWS\KB2757638.log

2013-09-14 11:59 - 2013-09-14 11:59 - 00130600 _____ C:\WINDOWS\KB2820197.log

2013-09-14 11:59 - 2013-09-14 11:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$

2013-09-14 11:59 - 2013-09-13 17:26 - 00142372 _____ C:\WINDOWS\KB2749655.log

2013-09-14 11:58 - 2013-09-14 11:58 - 00127218 _____ C:\WINDOWS\KB2863058.log

2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$

2013-09-14 11:58 - 2007-12-21 06:07 - 00875266 _____ C:\WINDOWS\system32\TZLog.log

2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-09-14 11:56 - 2013-09-14 11:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$

2013-09-14 11:56 - 2013-09-13 17:25 - 00140492 _____ C:\WINDOWS\KB2727528.log

2013-09-14 11:44 - 2013-09-14 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$

2013-09-14 11:44 - 2013-09-13 17:24 - 00141302 _____ C:\WINDOWS\KB2661254-v2.log

2013-09-14 11:43 - 2013-09-14 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$

2013-09-14 11:43 - 2013-09-13 17:23 - 00143370 _____ C:\WINDOWS\KB2813345.log

2013-09-14 11:41 - 2010-06-03 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

2013-09-14 11:31 - 2009-08-08 18:26 - 00000000 ____D C:\WINDOWS\system32\XPSViewer

2013-09-14 11:29 - 2013-09-14 11:19 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-09-14 11:10 - 2013-09-14 11:10 - 00013312 _____ C:\Documents and Settings\Moses\Desktop\BofA 09-16-12.wps

2013-09-14 10:36 - 2012-07-01 16:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-09-14 00:24 - 2008-01-03 18:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared

2013-09-14 00:12 - 2013-09-14 00:12 - 00712264 _____ C:\WINDOWS\is-JEM1A.exe

2013-09-14 00:12 - 2013-09-14 00:12 - 00011277 _____ C:\WINDOWS\is-JEM1A.msg

2013-09-14 00:12 - 2013-09-14 00:12 - 00000418 _____ C:\WINDOWS\is-JEM1A.lst

2013-09-14 00:12 - 2012-07-01 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-09-13 23:04 - 2013-09-13 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kristanix Games

2013-09-13 22:52 - 2013-09-13 22:52 - 00001168 _____ C:\WINDOWS\msvxdll.ini

2013-09-13 22:38 - 2013-09-13 22:38 - 00000000 ____D C:\Program Files\Softgame Company

2013-09-13 22:20 - 2004-08-11 18:00 - 00000580 _____ C:\WINDOWS\win.ini

2013-09-13 19:14 - 2013-09-13 19:14 - 00000000 ____D C:\5e6da590d1206310ac5c8b68b22f43

2013-09-13 19:11 - 2010-03-10 20:41 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Norton

2013-09-13 19:09 - 2012-02-01 18:43 - 00141944 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2013-09-13 19:09 - 2012-02-01 18:43 - 00060872 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL

2013-09-13 19:09 - 2012-02-01 18:43 - 00007468 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT

2013-09-13 19:09 - 2012-02-01 18:43 - 00000000 ____D C:\Program Files\Symantec

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Program Files\Norton 360 Premier Edition

2013-09-13 19:06 - 2013-09-13 18:53 - 00000779 _____ C:\Documents and Settings\Moses\Desktop\Norton Installation Files.lnk

2013-09-13 18:39 - 2009-12-10 03:40 - 00000000 ____D C:\Program Files\BatteryBar

2013-09-13 16:24 - 2013-09-13 16:23 - 00000000 ____D C:\Program Files\QuickTime

2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2013-09-13 15:36 - 2011-06-16 16:02 - 00002377 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

2013-09-13 15:36 - 2007-12-21 06:30 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-12 14:50 - 2008-01-06 22:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-09-12 14:45 - 2013-09-12 13:56 - 00000000 ____D C:\WINDOWS\nview

2013-09-12 14:45 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\Help

2013-09-12 14:22 - 2004-08-11 18:20 - 00000000 ____D C:\Documents and Settings\Administrator

2013-09-12 14:21 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-09-12 14:21 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-09-12 14:21 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\Registration

2013-09-12 14:14 - 2013-09-12 14:04 - 00000000 ____D C:\WINDOWS\NV59845980.TMP

2013-09-12 14:14 - 2013-09-12 13:56 - 00000000 ____D C:\WINDOWS\NV27966000.TMP

2013-09-12 14:12 - 2013-09-12 13:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-09-12 13:34 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin

2013-09-12 13:34 - 2013-09-12 13:30 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin

2013-09-12 13:30 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin

2013-09-12 13:30 - 2013-09-12 13:30 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk

2013-09-12 13:14 - 2009-01-06 03:30 - 00000000 ____D C:\NVIDIA

2013-09-12 13:05 - 2013-09-12 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA

2013-09-12 11:37 - 2013-09-12 11:36 - 00008628 ____H C:\WINDOWS\system32\SafeGuard20.GID

2013-09-12 11:18 - 2013-09-12 11:18 - 00000000 _____ C:\WINDOWS\SafeGuard20.INI

2013-09-10 15:57 - 2012-05-03 19:54 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Google Chrome

2013-09-04 12:48 - 2013-09-04 12:48 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache

2013-09-04 12:47 - 2013-09-04 12:47 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll

2013-09-04 12:44 - 2013-09-04 12:44 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013

Ran by Moses at 2013-10-03 20:49:22 Run:1

Running from C:\FRST\Logs

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe

IMEO\housecalllauncher.exe: [Debugger] pghyfxdb_.exe

IMEO\rstrui.exe: [Debugger] j_.exe

IMEO\spybotsd.exe: [Debugger] sttezftc_.exe

*****************

 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

Try running ComboFix now:

Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

Link to post
Share on other sites

  ComboFix 13-10-04.02 - Moses 10/04/2013  11:28:08.3.2 - x86 MINIMAL

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2570 [GMT -5:00]
Running from: c:\documents and settings\Moses\desktop\combofix.exe
Command switches used :: /nombr
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
.
---- Previous Run -------
.
c:\documents and settings\Moses\Application Data\Iqelcy\uzme.tuk
c:\documents and settings\Moses\Application Data\Izuty\yrpie.exe
c:\documents and settings\Moses\Application Data\Moseslog.dat
c:\documents and settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Moses\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
c:\documents and settings\Moses\System\win_qs8.jqx
C:\install.exe
c:\program files\I Want This\I Want This.ico
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\CoUPonprinter.ocx
c:\windows\system32\Packet.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET808.tmp
c:\windows\system32\SET823.tmp
c:\windows\system32\SET825.tmp
c:\windows\system32\SET833.tmp
c:\windows\system32\SETA73.tmp
c:\windows\system32\SETA7F.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-04 to 2013-10-04  )))))))))))))))))))))))))))))))
.
.
2074-05-07 23:38 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-10-04 00:18 . 2013-10-04 01:45 -------- d-----w- C:\FRST
2013-10-03 22:15 . 2013-10-03 23:46 -------- d-sh--w- c:\program files\Common Files\Windows Update Service0
2013-09-22 04:08 . 2011-08-01 20:56 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2013-09-22 04:07 . 2008-11-07 23:55 16928 ----a-w- c:\windows\system32\spmsgXP_2k3.dll
2013-09-22 04:07 . 2011-08-01 20:56 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2013-09-22 04:07 . 2011-08-01 20:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-09-22 04:06 . 2013-09-22 04:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
2013-09-18 05:15 . 2013-09-18 05:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\MFAData
2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\Avg2014
2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-09-18 05:09 . 2013-09-18 05:08 5402832 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
2013-09-18 05:09 . 2013-09-18 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2013-09-18 04:29 . 2013-09-18 04:29 -------- d-----w- c:\documents and settings\Moses\Application Data\QuickScan
2013-09-18 04:24 . 2013-09-18 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-09-17 21:17 . 2013-10-03 22:15 -------- d-sh--w- c:\program files\Common Files\Microsoft Webupdater0
2013-09-17 03:43 . 2013-09-18 06:03 -------- d-----w- c:\documents and settings\Moses\Application Data\tor
2013-09-17 03:42 . 2013-09-18 06:20 -------- d-----w- c:\documents and settings\Moses\Application Data\Aryf
2013-09-17 03:42 . 2013-09-18 04:00 -------- d-----w- c:\documents and settings\Moses\Application Data\Xiwie
2013-09-15 19:46 . 2005-10-29 01:56 736129 ----a-w- c:\program files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
2013-09-15 19:46 . 2005-10-29 01:30 766832 ----a-w- c:\program files\Microsoft Games\Solitaire\Solitaire.exe
2013-09-15 19:46 . 2005-10-29 01:55 705422 ----a-w- c:\program files\Microsoft Games\Shanghai\Shanghai.exe
2013-09-15 19:46 . 2005-10-29 01:54 960385 ----a-w- c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
2013-09-15 19:45 . 2005-10-29 01:53 997774 ----a-w- c:\program files\Microsoft Games\Minesweeper\Minesweeper.exe
2013-09-15 19:45 . 2005-10-29 01:56 731009 ----a-w- c:\program files\Microsoft Games\Hearts\Hearts.exe
2013-09-15 19:44 . 2013-09-15 19:46 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\Microsoft Games
2013-09-15 19:44 . 2005-10-29 01:52 732160 ----a-w- c:\program files\Microsoft Games\Freecell\Freecell.exe
2013-09-15 19:42 . 2007-05-17 12:55 61440 ----a-w- c:\windows\system32\Vista.Emulation.dll
2013-09-15 19:42 . 2013-09-15 19:42 -------- d-----w- c:\program files\Vista Games
2013-09-15 18:18 . 2013-10-02 01:39 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\SySaver
2013-09-14 16:19 . 2013-09-14 16:29 -------- d-----w- c:\windows\system32\MRT
2013-09-14 05:12 . 2013-09-14 05:12 712264 ----a-w- c:\windows\is-JEM1A.exe
2013-09-14 04:04 . 2013-09-14 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kristanix Games
2013-09-14 03:38 . 2013-09-14 03:38 -------- d-----w- c:\program files\Softgame Company
2013-09-14 03:29 . 2013-09-14 03:30 -------- d-----w- c:\windows\Application Data
2013-09-14 01:13 . 2013-09-26 20:27 -------- d-----w- c:\program files\wrapper_inst
2013-09-14 00:14 . 2013-09-14 00:14 -------- d-----w- C:\5e6da590d1206310ac5c8b68b22f43
2013-09-14 00:07 . 2013-09-15 16:37 -------- d-----w- c:\windows\system32\drivers\N360
2013-09-14 00:07 . 2013-09-14 00:07 -------- d-----w- c:\program files\Norton 360 Premier Edition
2013-09-13 22:27 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-09-13 22:27 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-09-13 21:23 . 2013-09-13 21:24 -------- d-----w- c:\program files\QuickTime
2013-09-13 21:23 . 2013-09-13 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-09-12 19:59 . 2013-09-12 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2013-09-12 19:40 . 2008-10-23 07:09 453152 ----a-w- c:\windows\system32\nvudisp.exe
2013-09-12 19:21 . 2013-09-12 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-12 19:04 . 2013-09-12 19:14 -------- d-----w- c:\windows\NV59845980.TMP
2013-09-12 18:56 . 2013-09-12 19:45 -------- d-----w- c:\windows\nview
2013-09-12 18:56 . 2013-09-12 19:14 -------- d-----w- c:\windows\NV27966000.TMP
2013-09-12 18:55 . 2008-10-21 04:16 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-09-12 18:30 . 2013-09-12 18:34 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-09-12 18:30 . 2013-09-12 18:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-09-12 18:30 . 2013-09-12 18:30 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-09-12 18:29 . 2013-01-31 11:22 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-09-12 18:29 . 2013-01-31 11:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 18:29 . 2013-01-31 11:22 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 18:29 . 2013-01-31 11:22 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 18:29 . 2013-01-31 11:22 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-09-12 18:29 . 2013-01-31 11:22 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 18:15 . 2013-09-12 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
2013-09-12 18:05 . 2013-09-12 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2013-09-04 17:48 . 2013-09-04 17:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-09-04 17:47 . 2013-09-04 17:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-09-04 17:44 . 2013-09-04 17:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 16:01 . 2012-04-01 15:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-04 16:01 . 2012-02-12 01:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-04 03:40 . 2009-08-18 17:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2013-10-04 03:39 . 2009-08-18 17:24 22240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-14 00:09 . 2012-02-01 23:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2013-09-14 00:09 . 2012-02-01 23:43 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-08-09 01:56 . 2004-08-11 23:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-11 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-11 23:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-11 23:00 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-11 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2004-08-11 23:00 406016 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-18 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13549568]
"nwiz"="nwiz.exe" [2008-10-23 1630208]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-17 405504]
"InstaLAN"="c:\program files\CenturyLink\Home Network Manager\HomeNetworkManager.exe" [2009-10-05 1144128]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-17 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NVHotkey"="nvHotkey.dll" [2008-10-23 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-19 21:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\warhammer 40,000 space marine demo\\spacemarine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [9/14/2013 2:26 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [9/14/2013 2:26 PM 924320]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [9/21/2013 11:07 PM 45288]
S0 mweetla;mweetla;c:\windows\system32\drivers\kxhtd.sys --> c:\windows\system32\drivers\kxhtd.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [9/23/2013 11:37 PM 1097304]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [9/14/2013 2:26 PM 132768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [9/14/2013 2:26 PM 149624]
S2 AGCoreService;AG Core Services;"c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe" --> c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [?]
S2 AQFileRestoreSrv;AQFileRestoreSrv;"c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" --> c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [?]
S2 gupdate1ca28cac94c7e3e;Google Update Service (gupdate1ca28cac94c7e3e);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [1/6/2008 8:11 PM 21016]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/14/2013 12:12 AM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/1/2012 4:52 PM 701512]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [9/14/2013 2:26 PM 138272]
S2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [9/13/2013 8:13 PM 31344]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys --> c:\windows\system32\DRIVERS\AQFileRestore.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2013 9:07 PM 108120]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSXpx86.sys [10/3/2013 5:36 PM 380832]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/1/2012 4:51 PM 22856]
S3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [12/21/2007 5:25 AM 117888]
S3 TFilter;TFilter;\??\c:\progra~1\Avanquest\SystemSuite\TFilter.sys --> c:\progra~1\Avanquest\SystemSuite\TFilter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-04 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2013-10-04 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005Core.job
- c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005UA.job
- c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47]
.
2013-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 20:56]
.
2013-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-110049081-3069564722-2619245935-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2013-09-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-110049081-3069564722-2619245935-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2013-10-04 c:\windows\Tasks\ReclaimerUpdateFiles_Moses.job
- c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
.
2013-10-04 c:\windows\Tasks\ReclaimerUpdateXML_Moses.job
- c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
.
2013-10-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Moses.job
- c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
.
2013-10-04 c:\windows\Tasks\User_Feed_Synchronization-{DB70761C-307A-4237-8C57-61685BA35B49}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
WebBrowser-{84A6AEA7-C34B-4246-9A00-05AD7A36BF00} - (no file)
HKCU-Run-Windows Update Service - c:\program files\Common Files\Windows Update Service0\wfwhhydlr.exe
AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files\AGI\core\4.2.0.10754\InstallerGUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-04 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:97,21,e3,41,95,5a,56,1e,b4,71,58,2a,c4,8a,f1,5e,d5,08,2f,7c,6c,44,d8,
   2a,cd,65,75,f6,bd,c9,18,ee,6a,2b,a1,58,c1,70,98,b4,b7,c9,d4,33,1f,12,ff,c1,\
"??"=hex:a8,0a,85,e3,4a,c1,ca,14,f4,4b,cf,5c,5b,9e,80,82
.
[HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\License information*]
"datasecu"=hex:6e,d3,5f,06,03,7a,fb,d8,87,52,47,f6,1f,0c,13,08,38,e5,05,4b,8c,
   f6,e7,18,32,6c,b7,0f,84,27,e4,55,3f,c1,69,0e,d4,f2,bd,de,d5,42,d2,02,67,6b,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(308)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-10-04  11:43:48
ComboFix-quarantined-files.txt  2013-10-04 16:43
.
Pre-Run: 91,203,444,736 bytes free
Post-Run: 91,171,299,328 bytes free
.
- - End Of File - - 8D2A620FA4BD24573F5EAA76D94E10CA
5CB90281D1A59B251F6603134774EEC3
Link to post
Share on other sites

Delete these folders if found:
You may have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

c:\documents and settings\Moses\Application Data\Iqelcy
c:\documents and settings\Moses\Application Data\Izuty
c:\documents and settings\Moses\Local Settings\Application Data\SySaver

-------------------------------------------------------

Then.........

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Adwcleaner came out clear and the log is as follows.

 

# AdwCleaner v3.006 - Report created 04/10/2013 at 12:51:13
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Moses - SHUTTLE
# Running from : C:\Documents and Settings\Moses\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users\Application Data\AGI
Folder Found C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
Folder Found C:\Documents and Settings\Moses\Application Data\AGI
Folder Found C:\Documents and Settings\Moses\Application Data\DriverCure
Folder Found C:\Documents and Settings\Moses\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Moses\Application Data\Uniblue\SpeedUpMyPC
Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Babylon
Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Conduit
Folder Found C:\Program Files\AGI
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Uniblue\SpeedUpMyPC
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AGI
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\Software\ParetoLogic
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4198 octets] - [04/10/2013 12:51:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4258 octets] ##########
Link to post
Share on other sites

# AdwCleaner v3.006 - Report created 04/10/2013 at 12:51:13

# Updated 01/10/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Moses - SHUTTLE

# Running from : C:\Documents and Settings\Moses\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Documents and Settings\All Users\Application Data\AGI

Folder Found C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor

Folder Found C:\Documents and Settings\All Users\Application Data\Babylon

Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars

Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic

Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Found C:\Documents and Settings\LocalService\Application Data\AGI

Folder Found C:\Documents and Settings\Moses\Application Data\AGI

Folder Found C:\Documents and Settings\Moses\Application Data\DriverCure

Folder Found C:\Documents and Settings\Moses\Application Data\ParetoLogic

Folder Found C:\Documents and Settings\Moses\Application Data\Uniblue\SpeedUpMyPC

Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Babylon

Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Conduit

Folder Found C:\Program Files\AGI

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AGI

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Found : HKCU\Software\ParetoLogic

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Uniblue\SpeedUpMyPC

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\Software\AGI

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils

Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}

Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Found : HKLM\Software\ParetoLogic

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Google Chrome v

 

[ File : C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [4198 octets] - [04/10/2013 12:51:13]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4258 octets] ##########
Link to post
Share on other sites

Malware showed only one problem Rookit.Agent.WU and here is the log. Computer seems to be running fairly well.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.25.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moses :: SHUTTLE [administrator]
 
Protection: Enabled
 
9/26/2013 10:55:48 AM
mbam-log-2013-09-26 (10-55-48).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396898
Time elapsed: 4 hour(s), 11 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pcreg (PUP.Optional.Chatzum) -> Data: C:\Program Files\wrapper_inst\service.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Documents and Settings\Moses\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
Files Detected: 7
C:\Program Files\WRAPPER_INST\service.exe (PUP.Optional.Chatzum) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moses\My Documents\Downloads\SoftonicDownloader_for_123-free-solitaire.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp840\a0270333.exe (Trojan.Agent.DF) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP840\A0271441.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP848\A0275804.exe (Trojan.VB) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moses\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.