Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Browsing is slow and CPU Usage is High


  • This topic is locked This topic is locked
30 replies to this topic

#1 baltimoredude1

baltimoredude1

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 29 March 2012 - 12:50 PM

Hi sorry I could not get back to last couple of days. Anyhow I used Firefox and was able to download DDS (for some reason Chrome would not download that). I also deactivated my CD drive with DeFrogger, then ran a DDS scan (at the bottom you will the txt), and ran GMER. GMER stalled as usual, then took your suggestion and unchecked the three additional boxes(Devices, Sections and Files). GMER did not find any modifications, was the end message. I am attaching the DDS scan. Should I activate the CD driver using the DeFrogger Thanks.

DDS -

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by A M Rahman at 12:11:44 on 2012-03-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1098 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\download.dll
BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ChromeFrameHelper] "c:\documents and settings\a m rahman\local settings\application data\google\chrome\application\17.0.963.83\chrome_frame_helper.exe" --startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FD8FE01C-727B-4F6C-BE54-0EFDA064EB17} : DhcpNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\a m rahman\local settings\application data\google\chrome\application\17.0.963.83\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\a m rahman\application data\mozilla\firefox\profiles\y1ck9lhx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Reference.com - Encyclopedia
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate04092011
FF - prefs.js: network.proxy.type - 2
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Sxipper: sxipper@sxip.com - %profile%\extensions\sxipper@sxip.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2003-12-9 10368]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2009-4-4 11107]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-5-16 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-5-16 185640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-28 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-2-8 16512]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-28 136176]
S3 SNDM360;Philips FunCam;c:\windows\system32\drivers\sndm360.sys [2007-5-13 229760]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
.
=============== Created Last 30 ================
.
2012-03-29 05:32:39 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6cf3784c-09ce-4319-8586-39e34319c5b7}\mpengine.dll
2012-03-17 07:55:05 -------- d-----w- c:\documents and settings\a m rahman\application data\SUPERAntiSpyware.com
2012-03-17 07:54:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 07:54:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-14 18:46:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-13 13:29:30 -------- d-s---w- C:\ComboFix
2012-03-13 12:26:44 98816 ----a-w- c:\windows\sed.exe
2012-03-13 12:26:44 518144 ----a-w- c:\windows\SWREG.exe
2012-03-13 12:26:44 256000 ----a-w- c:\windows\PEV.exe
2012-03-13 12:26:44 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-02-07 15:16:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 12:14:26.43 ===============

ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2006 5:41:52 PM
System Uptime: 3/26/2012 9:08:01 AM (75 hours ago)
.
Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | Microprocessor | 795/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 45.346 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 12/31/2011 9:55:27 AM - Software Distribution Service 3.0
RP25: 1/1/2012 10:35:14 AM - Software Distribution Service 3.0
RP26: 1/1/2012 8:22:08 PM - Software Distribution Service 3.0
RP27: 1/2/2012 8:29:10 PM - System Checkpoint
RP28: 1/3/2012 9:07:03 AM - Software Distribution Service 3.0
RP29: 1/4/2012 10:13:28 AM - System Checkpoint
RP30: 1/4/2012 12:28:14 PM - Software Distribution Service 3.0
RP31: 1/5/2012 1:16:43 PM - System Checkpoint
RP32: 1/5/2012 1:54:50 PM - Software Distribution Service 3.0
RP33: 1/6/2012 6:53:17 PM - Software Distribution Service 3.0
RP34: 1/7/2012 12:59:07 PM - Software Distribution Service 3.0
RP35: 1/8/2012 1:36:27 AM - Software Distribution Service 3.0
RP36: 1/9/2012 9:12:15 AM - Software Distribution Service 3.0
RP37: 1/10/2012 7:11:59 PM - Software Distribution Service 3.0
RP38: 1/11/2012 7:47:53 PM - Software Distribution Service 3.0
RP39: 1/11/2012 7:59:34 PM - Software Distribution Service 3.0
RP40: 1/12/2012 5:53:39 PM - Installed Java™ 6 Update 30
RP41: 1/13/2012 7:41:57 AM - Software Distribution Service 3.0
RP42: 1/14/2012 10:03:58 AM - Software Distribution Service 3.0
RP43: 1/14/2012 8:26:48 PM - Software Distribution Service 3.0
RP44: 1/15/2012 8:42:38 PM - System Checkpoint
RP45: 1/15/2012 10:13:04 PM - Software Distribution Service 3.0
RP46: 1/17/2012 10:13:49 AM - Software Distribution Service 3.0
RP47: 1/17/2012 8:27:26 PM - Software Distribution Service 3.0
RP48: 1/19/2012 10:28:18 AM - Software Distribution Service 3.0
RP49: 1/20/2012 11:23:48 AM - System Checkpoint
RP50: 1/21/2012 1:26:07 AM - Software Distribution Service 3.0
RP51: 1/21/2012 8:27:28 PM - Software Distribution Service 3.0
RP52: 1/22/2012 2:20:26 AM - Software Distribution Service 3.0
RP53: 1/23/2012 3:02:48 AM - Software Distribution Service 3.0
RP54: 1/24/2012 9:48:17 AM - Software Distribution Service 3.0
RP55: 1/24/2012 10:00:20 AM - Software Distribution Service 3.0
RP56: 1/25/2012 10:23:11 AM - Software Distribution Service 3.0
RP57: 1/26/2012 2:31:43 PM - System Checkpoint
RP58: 1/26/2012 6:32:11 PM - Software Distribution Service 3.0
RP59: 1/27/2012 3:28:28 PM - Unsigned printer driver HP LaserJet 6P installed.
RP60: 1/27/2012 7:04:42 PM - Unsigned printer driver HP LaserJet 6P installed.
RP61: 1/27/2012 9:37:37 PM - Software Distribution Service 3.0
RP62: 1/28/2012 10:48:31 AM - Software Distribution Service 3.0
RP63: 1/29/2012 12:39:28 PM - System Checkpoint
RP64: 1/29/2012 8:10:32 PM - Software Distribution Service 3.0
RP65: 1/30/2012 8:50:42 PM - Software Distribution Service 3.0
RP66: 1/31/2012 9:28:09 PM - System Checkpoint
RP67: 2/1/2012 10:23:48 AM - Software Distribution Service 3.0
RP68: 2/2/2012 10:28:51 AM - Software Distribution Service 3.0
RP69: 2/3/2012 10:35:19 AM - Software Distribution Service 3.0
RP70: 2/4/2012 11:24:47 AM - Software Distribution Service 3.0
RP71: 2/5/2012 2:39:12 AM - Software Distribution Service 3.0
RP72: 2/6/2012 9:45:54 AM - Software Distribution Service 3.0
RP73: 2/7/2012 10:14:15 AM - Software Distribution Service 3.0
RP74: 2/8/2012 1:30:46 PM - System Checkpoint
RP75: 2/8/2012 6:10:21 PM - Software Distribution Service 3.0
RP76: 2/9/2012 10:47:47 AM - Software Distribution Service 3.0
RP77: 2/10/2012 11:48:19 AM - Software Distribution Service 3.0
RP78: 2/11/2012 7:34:37 PM - Software Distribution Service 3.0
RP79: 2/12/2012 2:45:35 AM - Software Distribution Service 3.0
RP80: 2/13/2012 10:45:01 AM - Software Distribution Service 3.0
RP81: 2/14/2012 10:49:52 AM - System Checkpoint
RP82: 2/14/2012 3:45:17 PM - Software Distribution Service 3.0
RP83: 2/15/2012 2:26:17 PM - Software Distribution Service 3.0
RP84: 2/15/2012 4:12:34 PM - Software Distribution Service 3.0
RP85: 2/16/2012 7:00:36 PM - System Checkpoint
RP86: 2/16/2012 9:18:16 PM - Software Distribution Service 3.0
RP87: 2/17/2012 9:49:40 PM - System Checkpoint
RP88: 2/18/2012 1:00:29 AM - Software Distribution Service 3.0
RP89: 2/19/2012 2:25:40 AM - Software Distribution Service 3.0
RP90: 2/20/2012 9:47:14 AM - Software Distribution Service 3.0
RP91: 2/21/2012 10:07:52 AM - System Checkpoint
RP92: 2/21/2012 6:12:10 PM - Software Distribution Service 3.0
RP93: 2/22/2012 6:16:00 PM - Software Distribution Service 3.0
RP94: 2/22/2012 6:29:28 PM - Removed Comcast Access
RP95: 2/22/2012 6:29:47 PM - Removed Comcast Desktop Software (v1.2.0.9)
RP96: 2/24/2012 12:18:56 AM - Software Distribution Service 3.0
RP97: 2/25/2012 1:10:01 AM - Software Distribution Service 3.0
RP98: 2/26/2012 11:58:34 AM - Software Distribution Service 3.0
RP99: 2/27/2012 4:48:01 PM - Software Distribution Service 3.0
RP100: 2/28/2012 5:05:10 PM - System Checkpoint
RP101: 2/28/2012 5:10:36 PM - Software Distribution Service 3.0
RP102: 2/29/2012 5:39:57 PM - System Checkpoint
RP103: 2/29/2012 11:26:44 PM - Software Distribution Service 3.0
RP104: 3/2/2012 10:11:40 AM - Software Distribution Service 3.0
RP105: 3/2/2012 4:53:29 PM - Software Distribution Service 3.0
RP106: 3/3/2012 5:33:30 PM - System Checkpoint
RP107: 3/3/2012 11:17:38 PM - Software Distribution Service 3.0
RP108: 3/4/2012 1:39:34 AM - Software Distribution Service 3.0
RP109: 3/5/2012 3:26:23 AM - Software Distribution Service 3.0
RP110: 3/5/2012 5:48:08 PM - Software Distribution Service 3.0
RP111: 3/6/2012 9:52:10 PM - Software Distribution Service 3.0
RP112: 3/8/2012 12:33:17 AM - Software Distribution Service 3.0
RP113: 3/9/2012 2:21:53 AM - Software Distribution Service 3.0
RP114: 3/10/2012 10:27:14 AM - Software Distribution Service 3.0
RP115: 3/11/2012 12:36:58 PM - System Checkpoint
RP116: 3/12/2012 12:30:08 AM - Software Distribution Service 3.0
RP117: 3/13/2012 8:01:47 AM - Software Distribution Service 3.0
RP118: 3/14/2012 11:32:01 AM - Software Distribution Service 3.0
RP119: 3/14/2012 2:36:33 PM - Software Distribution Service 3.0
RP120: 3/14/2012 2:51:56 PM - Software Distribution Service 3.0
RP121: 3/15/2012 11:56:09 AM - Software Distribution Service 3.0
RP122: 3/16/2012 2:01:27 PM - Software Distribution Service 3.0
RP123: 3/18/2012 2:15:17 AM - Software Distribution Service 3.0
RP124: 3/19/2012 8:39:15 AM - Software Distribution Service 3.0
RP125: 3/20/2012 10:01:31 AM - System Checkpoint
RP126: 3/20/2012 5:47:39 PM - Software Distribution Service 3.0
RP127: 3/21/2012 8:33:45 AM - Software Distribution Service 3.0
RP128: 3/22/2012 10:18:18 AM - Software Distribution Service 3.0
RP129: 3/23/2012 12:05:08 PM - Software Distribution Service 3.0
RP130: 3/24/2012 2:15:44 PM - System Checkpoint
RP131: 3/25/2012 1:50:19 AM - Software Distribution Service 3.0
RP132: 3/26/2012 12:26:24 AM - Software Distribution Service 3.0
RP133: 3/27/2012 10:41:30 AM - Software Distribution Service 3.0
RP134: 3/28/2012 12:26:14 AM - Software Distribution Service 3.0
RP135: 3/29/2012 1:32:34 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
AIO_Scan
Akamai NetSession Interface
AM-DeadLink 3.3
Ant.com IE add-on
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
AudioEdit Deluxe
Avant Browser (remove only)
Avery Wizard 4.0
AxCrypt (Remove Only)
BEI Payroll
Bing Bar
Bonjour
Broadcom Management Programs
BufferChm
C4380
C4380_Help
Calculator Powertoy for Windows XP
Canon CanoScan Toolbox 4.1
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CleanUp!
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
ConvertHelper 2.1
Copy
CustomerResearchQFolder
Defraggler (remove only)
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Desktop Doctor
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
Drive Manager
DVD Decrypter (Remove Only)
EAGLE 4.09r2
EasyCleaner
Electronics
ESET Online Scanner v3
eSupportQFolder
Fax
Firefox Preloader
Freecorder Toolbar
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
getPlus® for Adobe
Google Chrome
Google Chrome Frame
Google Desktop
Google Update Helper
GPBaseService
HandBrake 0.9.3
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Photosmart Essential 2.5
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
InfraRecorder
Integre techexplorer Hypermedia Browser
ISO Recorder
iTunes
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 30
jose
Last.fm 1.3.1.1
LimeWire 5.0.11
Linksys EasyLink Advisor 1.6 (0032)
Magnifier Powertoy for Windows XP
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Script Debugger
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft WinUsb 1.0
Microsoft Works
Miro
Modem Helper
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Netflix Movie Viewer
NetWaiting
Omron Health Management Software
OpenOffice.org 3.2
Opera 9.20
OutlookAddinSetup
PanoStandAlone
Philips FunCam
PowerISO
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickSet
QuickTest Add-in for Quality Center
QuickTest Professional
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recuva (remove only)
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Segoe UI
SES Driver
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SopCast 1.0.1
Speccy
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.0
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TextPad 5
The Weather Channel Desktop 6
Toolbox
TrayApp
Tweak UI
Twisted Pair Computer Based Training Learn Electronics Part 1 5.03
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Verizon Download Manager
VideoToolkit01
Viewpoint Media Player
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 1.1.11
WD SmartWare
WebEx
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
WOT for Internet Explorer
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
3/24/2012 12:21:45 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/24/2012 12:20:23 AM, error: Service Control Manager [7000] - The CSS DVP service failed to start due to the following error: The system cannot find the file specified.
3/23/2012 2:45:36 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/23/2012 2:24:51 AM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000005, parameter3 00000001, parameter4 b9f395f7.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:51 AM

Posted 04 April 2012 - 12:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448074 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 07 April 2012 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#4 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 08 April 2012 - 12:00 PM

When I was running combofix, pev3.exe error message came. However I ran combofix successfully. What is pev3.exe? here are the logs.

ComboFix 12-04-07.04 - A M Rahman 04/08/2012 12:24:55.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -4:00]
Running from: c:\documents and settings\A M Rahman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 05:54 . 2012-04-08 05:54 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207FEBC1-4D65-465D-A521-0D4E764DD5C5}\offreg.dll
2012-04-08 05:54 . 2012-04-08 05:54 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207FEBC1-4D65-465D-A521-0D4E764DD5C5}\MpKsl4b2de1de.sys
2012-04-08 05:48 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207FEBC1-4D65-465D-A521-0D4E764DD5C5}\mpengine.dll
2012-03-29 20:15 . 2012-03-29 20:15 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-29 20:15 . 2012-03-29 20:15 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-29 16:40 . 2012-03-29 16:40 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-17 07:55 . 2012-03-17 07:55 -------- d-----w- c:\documents and settings\A M Rahman\Application Data\SUPERAntiSpyware.com
2012-03-17 07:54 . 2012-03-17 07:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 07:54 . 2012-03-17 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-14 18:46 . 2012-03-14 18:46 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 16:40 . 2011-08-22 16:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-12-16 02:43 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-05-28 01:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 15:13 3072 ------w- c:\windows\system32\iacenc.dll
2011-09-15 15:33 . 2010-07-29 15:02 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-09-15 15:33 . 2010-07-29 15:02 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-07-29 15:02 . 2010-07-29 15:02 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-07-29 15:02 . 2010-07-29 15:02 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-29 20:15 . 2011-05-08 14:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_12.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 01:43 . 2012-04-08 01:43 16384 c:\windows\temp\Perflib_Perfdata_460.dat
+ 2012-03-21 03:09 . 2012-03-21 03:09 22016 c:\windows\Installer\84f3f45.msi
+ 2009-09-27 15:16 . 2012-03-14 18:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-03-29 16:40 . 2012-03-29 16:40 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-03-29 16:40 . 2012-03-29 16:40 253600 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2004-08-10 18:57 . 2012-03-14 19:05 338648 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 18:57 . 2012-02-15 21:01 338648 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 19:01 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2011-08-10 10:47 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2009-09-27 15:16 . 2012-03-14 18:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-03-29 16:40 . 2012-03-29 16:40 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2009-08-14 13:21 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2012-03-01 03:45 . 2012-03-01 03:45 4989440 c:\windows\Installer\65d3430.msp
- 2009-09-27 15:16 . 2012-02-15 19:28 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-27 15:16 . 2012-02-15 19:28 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-27 15:16 . 2012-03-14 18:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-02-04 22:08 . 2012-03-14 18:53 54215544 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 21:33 1391640 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2007-07-31 1391640]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2007-07-31 1391640]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChromeFrameHelper"="c:\documents and settings\A M Rahman\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome_frame_helper.exe" [2012-04-04 96752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-01-27 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2011-1-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2007-12-12 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^A M Rahman^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\A M Rahman\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Firefox Preloader.lnk
backup=c:\windows\pss\Firefox Preloader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-07 03:43 3305248 ----a-w- c:\documents and settings\A M Rahman\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-02-11 12:35 801904 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-12-26 02:52 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 05:48 136176 ----atw- c:\documents and settings\A M Rahman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 17:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-01-04 07:47 6497592 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-08-22 21:32 184320 -c----w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-04-09 12:23 200704 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealUpgradeHelper]
2010-03-20 14:36 136744 ----a-w- c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-25 05:30 282624 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-07 21:27 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-27 15:52 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"ose"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"Basics Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14342:TCP"= 14342:TCP:Limewire
"135:TCP"= 135:TCP:DCOM
"1114:TCP"= 1114:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [12/9/2003 11:04 AM 10368]
R1 MpKsl4b2de1de;MpKsl4b2de1de;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207FEBC1-4D65-465D-A521-0D4E764DD5C5}\MpKsl4b2de1de.sys [4/8/2012 1:54 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [6/29/2011 2:26 PM 520216]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [4/4/2009 8:18 PM 11107]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [5/16/2011 1:36 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [5/16/2011 1:36 AM 185640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 1:11 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 12:40 PM 253600]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/8/2009 5:53 PM 16512]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 1:11 PM 136176]
S3 SNDM360;Philips FunCam;c:\windows\system32\drivers\sndm360.sys [5/13/2007 1:08 AM 229760]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4B2DE1DE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:40]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 05:48]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 05:48]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007Core.job
- c:\documents and settings\A M Rahman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-25 05:48]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007UA.job
- c:\documents and settings\A M Rahman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-25 05:48]
.
2012-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-04-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-04-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 15:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\download.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Reference.com - Encyclopedia
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate04092011
FF - prefs.js: network.proxy.type - 2
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Sxipper: sxipper@sxip.com - %profile%\extensions\sxipper@sxip.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 12:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5944)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-08 12:47:32
ComboFix-quarantined-files.txt 2012-04-08 16:47
ComboFix2.txt 2012-03-13 13:27
ComboFix3.txt 2012-03-13 12:53
ComboFix4.txt 2011-12-11 21:11
.
Pre-Run: 47,908,261,888 bytes free
Post-Run: 47,871,606,784 bytes free
.
- - End Of File - - F66DEB42664971357B977D27CF0B784A

Security Check log -

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.0
Spybot - Search & Destroy
SUPERAntiSpyware
Windows Defender
HijackThis 2.0.2
CCleaner
EasyCleaner
Java™ 6 Update 18
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 09 April 2012 - 08:11 AM

Nothing suspicious was found on your last log.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 18
Java™ 6 Update 30


Remove also the HijackThis 2.0.2 program. It's outdated and must forum now will ask to see a DDS log.

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security I would download the tool and run it.
<<<>>>

Please let me know what problem persists.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 15 April 2012 - 07:40 AM

Are you still with me?

#7 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 15 April 2012 - 08:42 AM

yeah sorry due to my extensive work load, I could not get back. you're saying my system is clean, right? why do I still web pages loading slow? another thing I have noticed my hibernation is not working. do you think my computer is old and time to get a new one?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 15 April 2012 - 10:05 AM

yeah sorry due to my extensive work load, I could not get back. you're saying my system is clean, right? why do I still web pages loading slow? another thing I have noticed my hibernation is not working


As far as I'm concerned yes your system is clean. That does mean that there is not some hidden processes that I do not see.

Try this scan.

Please download DrWeb-CureIt and save it to your Desktop.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


Hope this will help.
How to troubleshoot hibernation and standby issues in Windows XP
http://support.microsoft.com/kb/907477

#9 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 19 April 2012 - 11:26 PM

I ran the first stage of the testing, I had to stop the second stage of the scanning cause it was taking too long. I will redo it tonight.

#10 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 20 April 2012 - 03:50 PM

I finished the scan and it did find something and deleted it. What else is there that needs to be done? thanks

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 21 April 2012 - 07:52 AM

If still no change with the issues there could be come corrupted files or drivers.
Check it out.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

#12 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 21 April 2012 - 10:30 PM

Ok that is done. Thanks

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 22 April 2012 - 08:23 AM

Any remaining issues?

#14 baltimoredude1

baltimoredude1
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 22 April 2012 - 10:34 AM

Well my browsing is still a bit slow. I am using Google Chrome over Firefox. When I play games, the graphics flickers.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 22 April 2012 - 12:30 PM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users