Am I infected?


  • This topic is locked
14 replies to this topic

#1 simplysimply

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:45 AM

Posted 19 May 2012 - 04:52 AM

Hi,

This topic is being created following this previous topic I posted requesting help.
http://www.bleepingcomputer.com/forums/topic453815.html/page__p__2700728__fromsearch__1#entry2700728

As per the advice I was given, I initially tried to run Combofix and DDS, neither of which would complete scanning my pc.

As per the follow up advice from Boopme, I have now run OTL and the attached logs are the product of that scan.

Thanks for taking the time to help me with this issue, please advise if there are any further steps or information that I can provide to help you in your analysis.

Cheers,

Pazz

Also please be advised that I did attempt to follow the prep guide but was unable to complete.


OTL logfile created on: 5/19/2012 7:41:48 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = H:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 88.55% Memory free
4.85 Gb Paging File | 4.74 Gb Available in Paging File | 97.91% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 931.50 Gb Total Space | 167.63 Gb Free Space | 18.00% Space Free | Partition Type: NTFS

Computer Name: J-CFA0EEF4676B4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - H:\Program Files\WinRAR\RarExt.dll ()
MOD - H:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PCPitstop Scheduling) -- H:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (a2AntiMalware) -- H:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Steam Client Service) -- H:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (PCToolsFirewallPlus) -- H:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (DAUpdaterSvc) -- H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)


========== Driver Services (SafeList) ==========

DRV - (xhiugysx) -- System32\drivers\stqky.sys File not found
DRV - (WDICA) -- File not found
DRV - (SASKUTIL) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LVUVC) Logitech Webcam 300(UVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVRS) -- system32\DRIVERS\lvrs.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GMSIPCI) -- G:\INSTALL\GMSIPCI.SYS File not found
DRV - (FsUsbExDisk) -- H:\WINDOWS\system32\FsUsbExDisk.SYS File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (ASFWHide) -- H:\Documents and Settings\Administrator\Local Settings\Temp\ASFWHide ()
DRV - (MBAMSwissArmy) -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- H:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- H:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Inspect) -- H:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- H:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (a2acc) -- H:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (ManyCam) -- H:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (A2DDA) -- H:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (PCTAppEvent) -- H:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (PnkBstrK) -- H:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (pctgntdi) -- H:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplfw) -- H:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- H:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (ss_mdm) -- H:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- H:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- H:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (RTL8192su) -- H:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (pctNdisMP) -- H:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (pctNdis) -- H:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (RsFx0103) -- H:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- H:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1958367476-682003330-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-1958367476-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-1958367476-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: H:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: H:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: H:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012/03/26 16:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins

[2011/04/12 01:50:42 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/04/27 00:43:58 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w7fxq9xn.default\extensions
[2012/02/17 15:29:55 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2012/03/26 16:22:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/23 17:27:11 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [00PCTFW] H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ashampoo FireWall] H:\Program Files\Ashampoo\Ashampoo FireWall FREE\FireWall.exe ()
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-1645522239-1958367476-682003330-500..\Run: [Media Finder] H:\Program Files\Media Finder\MF.exe (Media Finder)
O4 - HKU\S-1-5-21-1645522239-1958367476-682003330-500..\Run: [uTorrent] H:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1645522239-1958367476-682003330-500..\RunOnce: [FlashPlayerUpdate] H:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: H:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = H:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: H:\Documents and Settings\Maira\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = H:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1958367476-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1958367476-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download with &Media Finder - H:\Program Files\Media Finder\hook.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1330010640109 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330014140765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CB2CF07-AB0E-4C1E-8FC6-17ECB838EA86}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1379FBA-B6F2-496E-B5FA-82C23F91C4BE}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - H:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 22:58:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Personal Finances
[2012/05/19 19:39:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/19 10:25:09 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Development Job Op Apps
[2012/05/19 00:05:21 | 000,000,000 | RH-D | C] -- H:\Documents and Settings\Administrator\Recent
[2012/05/18 21:09:05 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe
[2012/05/18 21:09:05 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe
[2012/05/18 21:09:05 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe
[2012/05/18 21:09:05 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe
[2012/05/18 21:08:54 | 000,000,000 | --SD | C] -- H:\ComboFix
[2012/05/18 19:03:36 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\PC Health Software
[2012/05/18 17:44:12 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\MoneyManagerEX
[2012/05/18 17:44:11 | 000,000,000 | ---D | C] -- H:\Program Files\MoneyManagerEX
[2012/05/18 17:19:43 | 000,000,000 | ---D | C] -- H:\Program Files\Moffsoft FreeCalc
[2012/05/18 17:19:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Moffsoft FreeCalc
[2012/05/18 17:07:49 | 489,204,736 | -H-- | C] (Intuit, Inc. ) -- H:\Documents and Settings\Administrator\Desktop\QuickBooksSimpleStartFree2010.exe.dlm
[2012/05/18 17:06:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Application Data\Edraw Mind Map
[2012/05/18 17:06:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Application Data\Download Manager
[2012/05/18 17:06:43 | 000,000,000 | ---D | C] -- H:\Program Files\Akamai
[2012/05/18 17:06:24 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Edraw Mind Map 6.3
[2012/05/18 17:06:19 | 000,000,000 | ---D | C] -- H:\Program Files\Edraw Mind Map
[2012/05/17 22:27:09 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\My Documents\Visual Studio 2010
[2012/05/16 22:46:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Local Settings\Application Data\MicrosoftStore
[2012/05/16 20:12:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\sophisticated investor education
[2012/05/14 00:42:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\life hack
[2012/05/10 20:04:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Conceptual Developments
[2012/05/08 00:30:56 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Government Applications
[2012/05/06 22:49:42 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Music Theory
[2012/05/06 01:11:28 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\immigration
[2012/05/05 14:14:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\Weekly Shopping Lists
[2012/04/21 19:21:32 | 000,000,000 | ---D | C] -- H:\Program Files\uTorrent
[2012/04/21 19:20:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/04/21 01:32:42 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\mm
[2012/04/19 23:38:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Administrator\Desktop\New Folder (2)
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 19:39:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/19 18:47:17 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012/05/19 18:10:10 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 17:17:08 | 000,000,278 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1958367476-682003330-1004.job
[2012/05/19 17:17:02 | 000,000,880 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 13:41:00 | 000,002,051 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\Microsoft Office Download Manager_1337460060312.lnk
[2012/05/19 13:12:33 | 000,000,472 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/05/19 12:42:18 | 000,001,324 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012/05/19 12:34:55 | 000,001,595 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\Office Professional 2010 Trial_1337456095375.lnk
[2012/05/19 12:17:03 | 000,001,595 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\Office Professional 2010 Trial_1337455022890.lnk
[2012/05/19 10:52:47 | 000,399,390 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\Monash BFMA May_PD_-_Administration_Officer_#500067.pdf
[2012/05/18 21:08:01 | 000,008,192 | ---- | M] () -- H:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/18 20:29:02 | 000,026,112 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\userinit.exe
[2012/05/18 20:28:56 | 000,000,064 | ---- | M] () -- H:\WINDOWS\System32\rp_stats.dat
[2012/05/18 20:28:56 | 000,000,044 | ---- | M] () -- H:\WINDOWS\System32\rp_rules.dat
[2012/05/18 17:44:12 | 000,000,786 | ---- | M] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MoneyManagerEX.lnk
[2012/05/18 17:19:44 | 000,000,783 | ---- | M] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2012/05/18 17:09:34 | 489,204,736 | -H-- | M] (Intuit, Inc. ) -- H:\Documents and Settings\Administrator\Desktop\QuickBooksSimpleStartFree2010.exe.dlm
[2012/05/17 22:45:06 | 000,001,374 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012/05/17 19:36:38 | 000,562,760 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012/05/17 19:36:38 | 000,110,208 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012/05/02 21:40:15 | 001,704,181 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\Langan_CTMU_092902.pdf
[2012/04/26 23:02:57 | 000,602,388 | ---- | M] () -- H:\Documents and Settings\Administrator\Desktop\1335442848125.jpg
[2012/04/21 19:21:32 | 000,000,648 | ---- | M] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/21 19:21:32 | 000,000,630 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 13:41:00 | 000,002,051 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\Microsoft Office Download Manager_1337460060312.lnk
[2012/05/19 12:34:55 | 000,001,595 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\Office Professional 2010 Trial_1337456095375.lnk
[2012/05/19 12:17:02 | 000,001,595 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\Office Professional 2010 Trial_1337455022890.lnk
[2012/05/19 10:52:47 | 000,399,390 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\Monash BFMA May_PD_-_Administration_Officer_#500067.pdf
[2012/05/18 21:09:05 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012/05/18 21:09:05 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012/05/18 21:09:05 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012/05/18 21:09:05 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012/05/18 21:09:05 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012/05/18 17:44:12 | 000,000,786 | ---- | C] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MoneyManagerEX.lnk
[2012/05/18 17:19:44 | 000,000,783 | ---- | C] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2012/05/02 21:40:15 | 001,704,181 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\Langan_CTMU_092902.pdf
[2012/04/26 23:02:56 | 000,602,388 | ---- | C] () -- H:\Documents and Settings\Administrator\Desktop\1335442848125.jpg
[2012/04/21 19:21:32 | 000,000,648 | ---- | C] () -- H:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/21 19:21:32 | 000,000,630 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/04/08 00:43:55 | 000,178,176 | ---- | C] () -- H:\WINDOWS\System32\ztvunrar39.dll
[2012/04/08 00:43:55 | 000,162,304 | ---- | C] () -- H:\WINDOWS\System32\ztvunrar36.dll
[2012/04/08 00:43:55 | 000,153,088 | ---- | C] () -- H:\WINDOWS\System32\UNRAR3.dll
[2012/04/08 00:43:55 | 000,077,312 | ---- | C] () -- H:\WINDOWS\System32\ztvunace26.dll
[2012/04/08 00:43:55 | 000,075,264 | ---- | C] () -- H:\WINDOWS\System32\unacev2.dll
[2012/04/07 21:00:03 | 000,059,392 | R--- | C] () -- H:\WINDOWS\System32\streamhlp.dll
[2012/04/03 19:24:15 | 000,000,017 | ---- | C] () -- H:\WINDOWS\System32\shortcut_ex.dat
[2012/02/29 16:18:12 | 000,032,429 | ---- | C] () -- H:\Documents and Settings\Administrator\Application Data\KeyBlaze.dmp
[2012/02/28 08:17:26 | 000,008,192 | ---- | C] () -- H:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 19:18:59 | 000,000,064 | ---- | C] () -- H:\WINDOWS\System32\rp_stats.dat
[2012/02/27 19:18:59 | 000,000,044 | ---- | C] () -- H:\WINDOWS\System32\rp_rules.dat
[2012/02/23 02:31:47 | 000,016,432 | ---- | C] () -- H:\WINDOWS\System32\lsdelete.exe
[2012/02/22 23:51:39 | 000,003,840 | ---- | C] () -- H:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/22 23:14:24 | 000,521,783 | ---- | C] () -- H:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/02/22 23:14:05 | 000,190,150 | ---- | C] () -- H:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/02/22 19:47:59 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/01/07 23:17:25 | 002,130,002 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data
[2012/01/07 22:55:53 | 000,749,468 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1958367476-682003330-1003-0.dat
[2012/01/07 22:55:53 | 000,332,990 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/07 20:01:32 | 000,169,224 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/19 03:31:34 | 000,015,480 | -HS- | C] () -- H:\Documents and Settings\All Users\Application Data\058425j047f5l5r5y05a43x1p737x26ll5xlp0471y2364
[2011/12/17 23:35:46 | 000,000,016 | ---- | C] () -- H:\WINDOWS\System32\settings.dat
[2011/04/13 03:39:28 | 000,001,324 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- H:\WINDOWS\System32\xlive.dll.cat
[2011/04/04 12:34:02 | 000,285,176 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/04 12:33:59 | 000,285,176 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/04 12:33:59 | 000,000,001 | ---- | C] () -- H:\WINDOWS\System32\nvdrssel.bin
[2011/04/04 12:33:44 | 002,292,678 | ---- | C] () -- H:\WINDOWS\System32\nvdata.bin
[2011/02/10 15:17:10 | 000,139,128 | ---- | C] () -- H:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/02/10 15:16:51 | 000,215,128 | ---- | C] () -- H:\WINDOWS\System32\PnkBstrB.exe
[2011/02/10 15:16:50 | 002,434,856 | ---- | C] () -- H:\WINDOWS\System32\pbsvc_bc2.exe
[2011/02/10 15:16:50 | 000,075,064 | ---- | C] () -- H:\WINDOWS\System32\PnkBstrA.exe
[2010/11/28 21:39:58 | 000,000,008 | ---- | C] () -- H:\WINDOWS\System32\nvModes.dat
[2010/11/28 21:27:30 | 000,217,088 | ---- | C] () -- H:\WINDOWS\NVGfxOgl.dll
[2010/11/28 21:10:48 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2010/11/28 21:07:37 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2010/11/28 12:54:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2010/11/28 12:52:10 | 000,292,480 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 121 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 112 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703

< End of report >

Edited by Queen-Evie, 20 May 2012 - 07:32 AM.
merged posts at the request of simplysimply
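A first pass over an OTL log like the one above can be scripted. What follows is an added example, not code from the original post, from OTL's author, or from the responder: it parses a handful of lines copied from the log above (a constructed sample, not the full log), flags SRV/DRV entries whose registered file is missing, sits in a Temp folder, carries no company name, points at a drive other than the %SystemDrive% the header reports (H: here, while wuauserv is registered under C:), or whose service name does not match its file name (xhiugysx registered as stqky.sys), and writes the flagged lines together with the listed alternate data streams in the :OTL / :Commands layout that OTL's Custom Scans/Fixes box accepts. The flag names, the SYSTEM_DRIVE constant and the choice of which flags go into the fix are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# %SystemDrive% as reported in the OTL header (H: on this machine).
SYSTEM_DRIVE = "H:"

# Constructed sample: a few lines copied from the OTL log above, chosen so
# that every signal checked below fires at least once.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (a2AntiMalware) -- H:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

========== Driver Services (SafeList) ==========

DRV - (xhiugysx) -- System32\drivers\stqky.sys File not found
DRV - (WDICA) -- File not found
DRV - (catchme) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (ASFWHide) -- H:\Documents and Settings\Administrator\Local Settings\Temp\ASFWHide ()
DRV - (MBAMSwissArmy) -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""

# "SRV - (name) [description] -- <path> File not found" or "-- <path> (Company)"
ENTRY_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^(?P<path>.*?) ?\((?P<company>[^()]*)\)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> .+$")
MISSING = "File not found"

# Flags that put an entry into the generated fix; the others only show up in
# the report. Flag names are this example's own, not OTL terminology.
FIX_FLAGS = {"missing", "temp_path"}


@dataclass
class Entry:
    kind: str       # SRV or DRV
    name: str       # registry service name
    path: str       # registered binary path ("" when OTL shows none)
    company: str    # version-info company name ("" when absent)
    missing: bool   # OTL could not find the file
    raw: str        # original log line, reused verbatim in the fix
    flags: set = field(default_factory=set)


def assess(e: Entry) -> set:
    """Heuristic signals over one SRV/DRV entry; none of them is a verdict."""
    flags = set()
    if e.missing:
        flags.add("missing")             # orphaned registration, nothing behind it
    elif e.path and not e.company:
        flags.add("no_company")          # no version info: weak signal on its own
    if re.search(r"\\temp\\", e.path, re.IGNORECASE):
        flags.add("temp_path")           # a driver loaded from a Temp folder
    drive = re.match(r"^[A-Za-z]:", e.path)
    if drive and drive.group(0).upper() != SYSTEM_DRIVE:
        flags.add("wrong_drive")         # registered on a drive other than %SystemDrive%
    stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if e.kind == "DRV" and stem and stem != e.name.lower():
        flags.add("name_file_mismatch")  # e.g. xhiugysx -> stqky.sys
    return flags


def parse_entry(line: str):
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.endswith(MISSING):
        path, company, missing = rest[: -len(MISSING)].strip(), "", True
    else:
        cm = COMPANY_RE.match(rest)
        path = cm.group("path").strip() if cm else rest
        company = cm.group("company").strip() if cm else ""
        missing = False
    e = Entry(m.group("kind"), m.group("name"), path, company, missing, line)
    e.flags = assess(e)
    return e


def parse_log(text: str):
    """Return (service/driver entries, alternate-data-stream lines)."""
    entries, streams = [], []
    for line in (l.strip() for l in text.splitlines()):
        e = parse_entry(line)
        if e:
            entries.append(e)
        elif ADS_RE.match(line):
            streams.append(line)
    return entries, streams


def build_otl_fix(entries, streams) -> str:
    """Flagged lines in the :OTL / :Commands layout OTL's fix box accepts."""
    lines = [":OTL"]
    lines += [e.raw for e in entries if e.flags & FIX_FLAGS]
    lines += streams
    lines += ["", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    ents, ads = parse_log(SAMPLE_LOG)
    for e in ents:
        if e.flags:
            print(f"{e.kind} {e.name:<14} {sorted(e.flags)}")
    print()
    print(build_otl_fix(ents, ads))
```

The generated block is a starting point for a person to edit, not something to run blind: a driver under Temp can belong to a legitimate product (the responder in this thread asks about the Ashampoo ASFWHide driver before touching it), and "File not found" on a built-in service name such as wuauserv says only that the registered path is stale, which here also exposes that the path points at C: while Windows lives on H:.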
#2 nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 21 May 2012 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Do you still have this Firewall from Ashampoo?
DRV - (ASFWHide) -- H:\Documents and Settings\Administrator\Local Settings\Temp\ASFWHide ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll () <--- and others...
===

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
    DRV - (xhiugysx) -- System32\drivers\stqky.sys File not found
    DRV - (SASKUTIL) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
    DRV - (SASDIFSV) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    @Alternate Data Stream - 146 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 121 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    @Alternate Data Stream - 112 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 105 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 104 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Remove all traces of ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

p.s.
Make sure that ComboFix is placed on your Desktop and run from there.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Post the logs and let me know what problem persists.
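
An added example (not OTL's code and not the helper's) that automates the triage behind the fix above: it picks out the two kinds of OTL entry the fix script targets, service/driver registrations whose binary reads "File not found" and alternate data streams on a directory, and assembles them into a fix section in the same ":OTL / :Commands" layout. The sample input is constructed from the line formats quoted in this thread and is not the poster's full log.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Flags service/driver registrations whose binary is missing ("File not
found") and NTFS alternate data streams reported on a directory, then
assembles the flagged lines into an OTL fix section in the ":OTL /
:Commands" layout used in this thread. Sample input is constructed from
the line formats quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the OTL lines quoted in the thread.
SAMPLE_OTL = """\
SRV - (wuauserv) -- C:\\WINDOWS\\system32\\wuauserv.dll File not found
SRV - (Eventlog) -- H:\\WINDOWS\\system32\\services.exe (Microsoft Corporation)
DRV - (xhiugysx) -- System32\\drivers\\stqky.sys File not found
DRV - (PDCOMP) -- File not found
DRV - (ACPI) -- H:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys (Microsoft Corporation)
@Alternate Data Stream - 146 bytes -> H:\\Documents and Settings\\All Users\\Application Data\\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> H:\\Documents and Settings\\All Users\\Application Data\\TEMP:D2F2F703
"""

# "SRV - (name) -- <path, or nothing> File not found"
SERVICE_RE = re.compile(r"^(?P<type>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
# "@Alternate Data Stream - <size> bytes -> <path>:<stream name>"
# The path carries a drive-letter colon, so the stream name is whatever
# follows the *last* colon (greedy path group, then a colon-free tail).
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")


@dataclass
class Finding:
    kind: str   # "orphan_service", "orphan_driver" or "ads"
    name: str   # service/driver name, or the stream name for an ADS
    raw: str    # the original OTL line, reused verbatim in the fix script


def triage_otl(text: str) -> List[Finding]:
    """Return the entries worth acting on, in the order they appear."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            # A registration that still points at a missing binary is a
            # leftover of a removed (or half-removed) program or infection.
            if m.group("rest").endswith("File not found"):
                kind = "orphan_service" if m.group("type") == "SRV" else "orphan_driver"
                findings.append(Finding(kind, m.group("name"), line))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", m.group("stream"), line))
    return findings


def build_fix(findings: List[Finding]) -> str:
    """Assemble an OTL fix section from the findings, in the thread's layout."""
    body = "\n".join(f.raw for f in findings)
    return ":OTL\n" + body + "\n\n:Commands\n[emptytemp]\n[Reboot]"


if __name__ == "__main__":
    hits = triage_otl(SAMPLE_OTL)
    for f in hits:
        print(f"{f.kind:15} {f.name}")
    print()
    print(build_fix(hits))
```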

#3 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:45 AM

Posted 22 May 2012 - 04:24 AM

Hi Nasdaq,

Thanks for your help.

Firstly, I began following your steps as advised; however, after following the 'Run Fix' and then the 'Quick Scan' in OTL as you advised, I was unable to make Ashampoo Firewall operate, and this stopped me from accessing the internet.

I uninstalled several pieces of software: Microsoft Visual Studio, which appeared to be restricting Ashampoo Firewall, and Ad-Aware, as this was restricting ComboFix. I believe I am now just relying on the Windows Security Center Firewall.

I am ready to post my logs for OTL, however because of the removal of the above software, I was unsure if I should proceed without first advising you and seeing if there is another step I should take first.

Also, I have been running in Safe Mode With Networking, as this is the only way that I can access the internet. Should I run these scans in safe mode, or in my normal full administrator user profile?

Awaiting your reply.

Cheers,

Pazz

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 22 May 2012 - 08:40 AM

You should try to run the tools in Normal mode.

If not possible, then yes, do it in safe mode.

p.s.
Ad-Aware and Ashampoo Firewall may not be compatible.

Can you reinstall Ashampoo and see if you can get your internet back in normal mode?

#5 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:45 AM

Posted 23 May 2012 - 12:03 AM

Hi Nasdaq,

I have run OTL as advised in Normal mode and have attached the Log file to this post.

I also attempted to run ComboFix, firstly in normal mode: I set it to run as I went to bed and left it running all night, to test whether it would complete without me becoming impatient. It did not, even though I left it for over 8 hours. I also then attempted to run it in safe mode for over an hour and a half this morning; again it failed to complete within that time.

I look forward to your advice as to how to move forward. Please be advised that my issue is not simply 'Am I Infected'; it is also how to re-install my operating system, XP, so that I can either maintain my files but have a clean system, or if needs be reload and wipe to a completely new install of XP. My disc of XP does not run properly, and I do not want to buy another. See my original post here for details.

I appreciate that you are busy helping lots of people, but I thought it best to point out what my actual aim for asking for your help is.

http://www.bleepingcomputer.com/forums/topic453815.html

Cheers,

Pazz

Attached Files

  • Attached File  OTL.Txt   55.51KB   1 downloads


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 23 May 2012 - 10:11 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

===

Step 1. Delete your current version of the TDSSKiller.exe and download a fresh copy.
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Step 2. Place TDSSKiller.exe in Malwarebytes Chameleon folder.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o <- include the quotes.

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4. Execute TDSSKiller.exe by double-clicking on it.
On Windows Vista or 7, right-click the .exe and run as Administrator.
Press Start Scan
If Malicious objects are found, ensure Cure is selected (it should be by default)
Click Continue then click Reboot now
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.version_date_time_log.txt
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Attach those logs, please.

===
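
Added example, not part of the thread and not Kaspersky's code: a parser for the TDSSKiller log that the Step 4 scan produces. TDSSKiller writes several lines per scanned object (hash and path, a verdict line, and a "Suspicious file" line keyed by path for files it could not read); the parser joins them per object so the few entries that are not "- ok" can be pulled out of a log several hundred lines long. The sample lines are constructed in the format that appears in this thread.

```python
"""Summarise a TDSSKiller log (added example; not Kaspersky's own code).

TDSSKiller writes several lines per scanned object: one with the object's
MD5 and path, a verdict line ("- ok", "( Verdict ) - warning" or
"- detected Verdict (n)") and, for files it could not read, a
"Suspicious file (...)" line keyed by path rather than by name. This
parser joins those lines per object so the handful of entries that need
attention can be pulled out of a long log.
Sample lines are constructed in the format seen in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_TDSS = """\
16:16:47.0453 2280 Scan started
16:16:47.0453 2280 Mode: Manual;
16:16:47.0671 2280 a2acc (05dac43a484272de87eac038814a7840) H:\\PROGRAM FILES\\EMSISOFT ANTI-MALWARE\\a2accx86.sys
16:16:47.0671 2280 a2acc - ok
16:16:47.0937 2280 Abiosdsk - ok
16:16:48.0218 2280 ASFWHide (f8c718dc4299002d495a9da30a7c6ef1) H:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ASFWHide
16:16:48.0218 2280 Suspicious file (NoAccess): H:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ASFWHide. md5: f8c718dc4299002d495a9da30a7c6ef1
16:16:48.0218 2280 ASFWHide ( LockedFile.Multi.Generic ) - warning
16:16:48.0218 2280 ASFWHide - detected LockedFile.Multi.Generic (1)
16:16:48.0312 2280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\\WINDOWS\\system32\\DRIVERS\\asyncmac.sys
16:16:48.0312 2280 AsyncMac - ok
"""

# Every log line starts with "<time> <thread id> "; the rest is the message.
PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

# Verdict precedence: a later "- ok" must never downgrade a detection.
_RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdict: Optional[str] = None
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, ScanObject]:
    """Map object name -> ScanObject, merging each object's lines."""
    objects: Dict[str, ScanObject] = {}
    by_path: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        pm = PREFIX_RE.match(raw.strip())
        if not pm:
            continue                      # separators and bare timestamps
        msg = pm.group("msg")
        m = OBJECT_RE.match(msg)
        if m:
            o = objects.setdefault(m.group("name"), ScanObject(m.group("name")))
            o.md5, o.path = m.group("md5"), m.group("path")
            by_path[o.path] = o
            continue
        m = SUSPICIOUS_RE.match(msg)
        if m:
            # Keyed by path; fall back to a path-named object if unseen.
            o = by_path.get(m.group("path")) or objects.setdefault(
                m.group("path"), ScanObject(m.group("path")))
            o.notes.append(f"suspicious ({m.group('reason')})")
            continue
        for rx, status in ((DETECTED_RE, "detected"), (WARN_RE, "warning"), (OK_RE, "ok")):
            m = rx.match(msg)
            if m:
                o = objects.setdefault(m.group("name"), ScanObject(m.group("name")))
                if _RANK[status] >= _RANK[o.status]:
                    o.status = status
                    o.verdict = m.groupdict().get("verdict") or o.verdict
                break
    return objects


def needs_attention(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Everything that did not come back as a plain '- ok', worst first."""
    hits = [o for o in objects.values() if o.status != "ok" or o.notes]
    return sorted(hits, key=lambda o: -_RANK[o.status])


if __name__ == "__main__":
    for o in needs_attention(parse_tdsskiller(SAMPLE_TDSS)):
        print(f"{o.status:9} {o.name:12} {o.verdict or '-':28} {o.path or '-'}")
        for note in o.notes:
            print(f"          {note}")
```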

#7 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:45 AM

Posted 24 May 2012 - 02:52 AM

Hi Nasdaq,

I have followed the steps you have outlined above, whilst booted into normal mode.

The following are the 3 logs created:
1)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: J-CFA0EEF4676B4 [administrator]

5/24/2012 12:35:57
mbam-log-2012-05-24 (12-35-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243036
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
H:\Documents and Settings\Administrator\My Documents\Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_trojan-remover.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_diehard-trojan-cleaner.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
H:\Documents and Settings\Owner\My Documents\Downloads\SetupCasino_414435.exe (PUP.Casino) -> Quarantined and deleted successfully.

(end)

2)
16:16:40.0125 0292 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
16:16:40.0781 0292 ============================================================
16:16:40.0781 0292 Current date / time: 2012/05/24 16:16:40.0781
16:16:40.0781 0292 SystemInfo:
16:16:40.0781 0292
16:16:40.0781 0292 OS Version: 5.1.2600 ServicePack: 3.0
16:16:40.0781 0292 Product type: Workstation
16:16:40.0781 0292 ComputerName: J-CFA0EEF4676B4
16:16:40.0781 0292 Windows directory: H:\WINDOWS
16:16:40.0781 0292 System windows directory: H:\WINDOWS
16:16:40.0781 0292 Processor architecture: Intel x86
16:16:40.0781 0292 Number of processors: 4
16:16:40.0781 0292 Page size: 0x1000
16:16:40.0781 0292 Boot type: Normal boot
16:16:40.0781 0292 ============================================================
16:16:41.0890 0292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:16:41.0906 0292 ============================================================
16:16:41.0906 0292 \Device\Harddisk0\DR0:
16:16:41.0906 0292 MBR partitions:
16:16:41.0906 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
16:16:41.0906 0292 ============================================================
16:16:41.0921 0292 H: <-> \Device\Harddisk0\DR0\Partition0
16:16:41.0937 0292 ============================================================
16:16:41.0937 0292 Initialize success
16:16:41.0937 0292 ============================================================
16:16:47.0453 2280 ============================================================
16:16:47.0453 2280 Scan started
16:16:47.0453 2280 Mode: Manual;
16:16:47.0453 2280 ============================================================
16:16:48.0218 2280 ASFWHide (f8c718dc4299002d495a9da30a7c6ef1) H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide
16:16:48.0218 2280 Suspicious file (NoAccess): H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide. md5: f8c718dc4299002d495a9da30a7c6ef1
16:16:48.0218 2280 ASFWHide ( LockedFile.Multi.Generic ) - warning
16:16:48.0218 2280 ASFWHide - detected LockedFile.Multi.Generic (1)
16:16:52.0406 2280 PCIDump - ok
16:16:52.0406 2280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
16:16:52.0406 2280 PCIIde - ok
16:16:52.0437 2280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
16:16:52.0437 2280 Pcmcia - ok
16:16:52.0500 2280 PCPitstop Scheduling (65a66eb40254df662e32e89bbba55e89) H:\Program Files\PCPitstop\PCPitstopScheduleService.exe
16:16:52.0500 2280 PCPitstop Scheduling - ok
16:16:52.0515 2280 PCTAppEvent (7ea0ebd6e5aa687e116eb185a7cfb667) H:\WINDOWS\system32\drivers\PCTAppEvent.sys
16:16:52.0531 2280 PCTAppEvent - ok
16:16:52.0546 2280 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) H:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
16:16:52.0546 2280 PCTFW-PacketFilter - ok
16:16:52.0578 2280 pctgntdi (5be722c8c9bba995693c8cd524d83b27) H:\WINDOWS\system32\drivers\pctgntdi.sys
16:16:52.0593 2280 pctgntdi - ok
16:16:52.0609 2280 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) H:\WINDOWS\system32\DRIVERS\pctNdis.sys
16:16:52.0609 2280 pctNdis - ok
16:16:52.0609 2280 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) H:\WINDOWS\system32\DRIVERS\pctNdis.sys
16:16:52.0609 2280 pctNdisMP - ok
16:16:52.0640 2280 PCToolsFirewallPlus (86d511370a217b554916e3a45d091042) H:\Program Files\PC Tools Firewall Plus\FWService.exe
16:16:52.0640 2280 PCToolsFirewallPlus - ok
16:16:52.0656 2280 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) H:\WINDOWS\system32\drivers\pctplfw.sys
16:16:52.0656 2280 pctplfw - ok
16:16:52.0656 2280 perc2 - ok
16:16:52.0656 2280 perc2hib - ok
16:16:52.0703 2280 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) H:\ComboFix\pev.3XE
16:16:52.0718 2280 PEVSystemStart - ok
16:16:52.0750 2280 PlugPlay (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe
16:16:52.0750 2280 PlugPlay - ok
16:16:52.0781 2280 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) H:\WINDOWS\system32\PnkBstrA.exe
16:16:52.0781 2280 PnkBstrA - ok
16:16:52.0781 2280 PnkBstrB (9a386ec60a166df66205343ca12c6b86) H:\WINDOWS\system32\PnkBstrB.exe
16:16:52.0781 2280 PnkBstrB - ok
16:16:52.0812 2280 PnkBstrK (10be25c04613b70d8ce1f412e14d9454) H:\WINDOWS\system32\drivers\PnkBstrK.sys
16:16:52.0812 2280 PnkBstrK - ok
16:16:52.0812 2280 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
16:16:52.0828 2280 PolicyAgent - ok
16:16:52.0843 2280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
16:16:52.0843 2280 PptpMiniport - ok
16:16:52.0843 2280 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
16:16:52.0843 2280 ProtectedStorage - ok
16:16:52.0843 2280 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
16:16:52.0843 2280 PSched - ok
16:16:52.0843 2280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
16:16:52.0843 2280 Ptilink - ok
16:16:52.0859 2280 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) H:\WINDOWS\system32\Drivers\PxHelp20.sys
16:16:52.0859 2280 PxHelp20 - ok
16:16:52.0875 2280 ql1080 - ok
16:16:52.0875 2280 Ql10wnt - ok
16:16:52.0875 2280 ql12160 - ok
16:16:52.0875 2280 ql1240 - ok
16:16:52.0875 2280 ql1280 - ok
16:16:52.0890 2280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
16:16:52.0890 2280 RasAcd - ok
16:16:52.0921 2280 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) H:\WINDOWS\System32\rasauto.dll
16:16:52.0921 2280 RasAuto - ok
16:16:52.0937 2280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:16:52.0937 2280 Rasl2tp - ok
16:16:52.0968 2280 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) H:\WINDOWS\System32\rasmans.dll
16:16:52.0968 2280 RasMan - ok
16:16:52.0968 2280 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:16:52.0968 2280 RasPppoe - ok
16:16:52.0968 2280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
16:16:52.0984 2280 Raspti - ok
16:16:53.0000 2280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
16:16:53.0000 2280 Rdbss - ok
16:16:53.0000 2280 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:16:53.0000 2280 RDPCDD - ok
16:16:53.0031 2280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) H:\WINDOWS\system32\drivers\RDPWD.sys
16:16:53.0046 2280 RDPWD - ok
16:16:53.0062 2280 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) H:\WINDOWS\system32\sessmgr.exe
16:16:53.0062 2280 RDSessMgr - ok
16:16:53.0062 2280 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
16:16:53.0078 2280 redbook - ok
16:16:53.0093 2280 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) H:\WINDOWS\System32\mprdim.dll
16:16:53.0093 2280 RemoteAccess - ok
16:16:53.0093 2280 RpcLocator (aaed593f84afa419bbae8572af87cf6a) H:\WINDOWS\system32\locator.exe
16:16:53.0093 2280 RpcLocator - ok
16:16:53.0140 2280 RpcSs (6b27a5c03dfb94b4245739065431322c) H:\WINDOWS\system32\rpcss.dll
16:16:53.0140 2280 RpcSs - ok
16:16:53.0187 2280 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) H:\WINDOWS\system32\DRIVERS\RsFx0103.sys
16:16:53.0187 2280 RsFx0103 - ok
16:16:53.0203 2280 RSVP (471b3f9741d762abe75e9deea4787e47) H:\WINDOWS\system32\rsvp.exe
16:16:53.0203 2280 RSVP - ok
16:16:53.0265 2280 RTL8192su (7fd98e91896cad23169a84874f145250) H:\WINDOWS\system32\DRIVERS\RTL8192su.sys
16:16:53.0265 2280 RTL8192su - ok
16:16:53.0296 2280 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
16:16:53.0312 2280 SamSs - ok
16:16:53.0312 2280 SCardSvr (86d007e7a654b9a71d1d7d856b104353) H:\WINDOWS\System32\SCardSvr.exe
16:16:53.0312 2280 SCardSvr - ok
16:16:53.0359 2280 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) H:\WINDOWS\system32\schedsvc.dll
16:16:53.0359 2280 Schedule - ok
16:16:53.0375 2280 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
16:16:53.0375 2280 Secdrv - ok
16:16:53.0406 2280 seclogon (cbe612e2bb6a10e3563336191eda1250) H:\WINDOWS\System32\seclogon.dll
16:16:53.0406 2280 seclogon - ok
16:16:53.0406 2280 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) H:\WINDOWS\system32\sens.dll
16:16:53.0406 2280 SENS - ok
16:16:53.0421 2280 serenum (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
16:16:53.0421 2280 serenum - ok
16:16:53.0421 2280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\DRIVERS\serial.sys
16:16:53.0421 2280 Serial - ok
16:16:53.0437 2280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
16:16:53.0437 2280 Sfloppy - ok
16:16:53.0484 2280 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) H:\WINDOWS\System32\ipnathlp.dll
16:16:53.0484 2280 SharedAccess - ok
16:16:53.0515 2280 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll
16:16:53.0515 2280 ShellHWDetection - ok
16:16:53.0515 2280 Simbad - ok
16:16:53.0562 2280 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
16:16:53.0562 2280 SLIP - ok
16:16:53.0562 2280 Sparrow - ok
16:16:53.0593 2280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
16:16:53.0593 2280 splitter - ok
16:16:53.0625 2280 Spooler (60784f891563fb1b767f70117fc2428f) H:\WINDOWS\system32\spoolsv.exe
16:16:53.0625 2280 Spooler - ok
16:16:53.0718 2280 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) h:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
16:16:53.0718 2280 SQLAgent$SQLEXPRESS - ok
16:16:53.0781 2280 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) h:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:16:53.0781 2280 SQLBrowser - ok
16:16:53.0812 2280 SQLWriter (637a0f23f9012358e92e6f99835494d1) h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:16:53.0812 2280 SQLWriter - ok
16:16:53.0828 2280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
16:16:53.0828 2280 sr - ok
16:16:53.0843 2280 srservice (3805df0ac4296a34ba4bf93b346cc378) H:\WINDOWS\system32\srsvc.dll
16:16:53.0843 2280 srservice - ok
16:16:53.0875 2280 Srv (0f6aefad3641a657e18081f52d0c15af) H:\WINDOWS\system32\DRIVERS\srv.sys
16:16:53.0875 2280 Srv - ok
16:16:53.0890 2280 SSDPSRV (0a5679b3714edab99e357057ee88fca6) H:\WINDOWS\System32\ssdpsrv.dll
16:16:53.0890 2280 SSDPSRV - ok
16:16:53.0953 2280 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) H:\WINDOWS\system32\DRIVERS\ss_bus.sys
16:16:53.0953 2280 ss_bus - ok
16:16:53.0953 2280 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) H:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
16:16:53.0953 2280 ss_mdfl - ok
16:16:53.0968 2280 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) H:\WINDOWS\system32\DRIVERS\ss_mdm.sys
16:16:53.0968 2280 ss_mdm - ok
16:16:53.0984 2280 Steam Client Service - ok
16:16:54.0015 2280 stisvc (8bad69cbac032d4bbacfce0306174c30) H:\WINDOWS\system32\wiaservc.dll
16:16:54.0015 2280 stisvc - ok
16:16:54.0046 2280 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:16:54.0046 2280 streamip - ok
16:16:54.0062 2280 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
16:16:54.0062 2280 swenum - ok
16:16:54.0078 2280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
16:16:54.0078 2280 swmidi - ok
16:16:54.0078 2280 SwPrv - ok
16:16:54.0078 2280 symc810 - ok
16:16:54.0078 2280 symc8xx - ok
16:16:54.0093 2280 sym_hi - ok
16:16:54.0093 2280 sym_u3 - ok
16:16:54.0109 2280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
16:16:54.0109 2280 sysaudio - ok
16:16:54.0109 2280 SysmonLog (c7abbc59b43274b1109df6b24d617051) H:\WINDOWS\system32\smlogsvc.exe
16:16:54.0125 2280 SysmonLog - ok
16:16:54.0140 2280 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) H:\WINDOWS\System32\tapisrv.dll
16:16:54.0140 2280 TapiSrv - ok
16:16:54.0171 2280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
16:16:54.0187 2280 Tcpip - ok
16:16:54.0218 2280 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
16:16:54.0218 2280 TDPIPE - ok
16:16:54.0234 2280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
16:16:54.0234 2280 TDTCP - ok
16:16:54.0250 2280 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
16:16:54.0250 2280 TermDD - ok
16:16:54.0281 2280 TermService (ff3477c03be7201c294c35f684b3479f) H:\WINDOWS\System32\termsrv.dll
16:16:54.0281 2280 TermService - ok
16:16:54.0312 2280 Themes (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll
16:16:54.0312 2280 Themes - ok
16:16:54.0312 2280 TosIde - ok
16:16:54.0343 2280 TrkWks (55bca12f7f523d35ca3cb833c725f54e) H:\WINDOWS\system32\trkwks.dll
16:16:54.0343 2280 TrkWks - ok
16:16:54.0359 2280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
16:16:54.0359 2280 Udfs - ok
16:16:54.0359 2280 ultra - ok
16:16:54.0390 2280 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
16:16:54.0390 2280 Update - ok
16:16:54.0421 2280 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) H:\WINDOWS\System32\upnphost.dll
16:16:54.0421 2280 upnphost - ok
16:16:54.0421 2280 UPS (05365fb38fca1e98f7a566aaaf5d1815) H:\WINDOWS\System32\ups.exe
16:16:54.0421 2280 UPS - ok
16:16:54.0468 2280 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
16:16:54.0484 2280 usbaudio - ok
16:16:54.0500 2280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:16:54.0500 2280 usbccgp - ok
16:16:54.0515 2280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
16:16:54.0515 2280 usbehci - ok
16:16:54.0531 2280 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
16:16:54.0531 2280 usbhub - ok
16:16:54.0546 2280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
16:16:54.0546 2280 usbscan - ok
16:16:54.0578 2280 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:16:54.0578 2280 usbstor - ok
16:16:54.0578 2280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:16:54.0593 2280 usbuhci - ok
16:16:54.0593 2280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
16:16:54.0593 2280 VgaSave - ok
16:16:54.0593 2280 ViaIde - ok
16:16:54.0656 2280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
16:16:54.0656 2280 VolSnap - ok
16:16:54.0671 2280 VSS (7a9db3a67c333bf0bd42e42b8596854b) H:\WINDOWS\System32\vssvc.exe
16:16:54.0687 2280 VSS - ok
16:16:54.0703 2280 W32Time (54af4b1d5459500ef0937f6d33b1914f) H:\WINDOWS\system32\w32time.dll
16:16:54.0703 2280 W32Time - ok
16:16:54.0718 2280 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
16:16:54.0718 2280 Wanarp - ok
16:16:54.0750 2280 Wdf01000 (d918617b46457b9ac28027722e30f647) H:\WINDOWS\system32\Drivers\wdf01000.sys
16:16:54.0765 2280 Wdf01000 - ok
16:16:54.0765 2280 WDICA - ok
16:16:54.0781 2280 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
16:16:54.0781 2280 wdmaud - ok
16:16:54.0812 2280 WebClient (77a354e28153ad2d5e120a5a8687bc06) H:\WINDOWS\System32\webclnt.dll
16:16:54.0812 2280 WebClient - ok
16:16:54.0859 2280 winmgmt (2d0e4ed081963804ccc196a0929275b5) H:\WINDOWS\system32\wbem\WMIsvc.dll
16:16:54.0859 2280 winmgmt - ok
16:16:54.0906 2280 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) H:\WINDOWS\system32\mspmsnsv.dll
16:16:54.0906 2280 WmdmPmSN - ok
16:16:54.0906 2280 WmiApSrv (e0673f1106e62a68d2257e376079f821) H:\WINDOWS\system32\wbem\wmiapsrv.exe
16:16:54.0921 2280 WmiApSrv - ok
16:16:55.0046 2280 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:16:55.0046 2280 WPFFontCache_v0400 - ok
16:16:55.0046 2280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) H:\WINDOWS\System32\drivers\ws2ifsl.sys
16:16:55.0046 2280 WS2IFSL - ok
16:16:55.0046 2280 wscsvc (7c278e6408d1dce642230c0585a854d5) H:\WINDOWS\system32\wscsvc.dll
16:16:55.0062 2280 wscsvc - ok
16:16:55.0109 2280 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:16:55.0109 2280 WSTCODEC - ok
16:16:55.0109 2280 wuauserv - ok
16:16:55.0140 2280 WudfPf (f15feafffbb3644ccc80c5da584e6311) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:16:55.0140 2280 WudfPf - ok
16:16:55.0140 2280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:16:55.0156 2280 WudfRd - ok
16:16:55.0156 2280 WudfSvc (05231c04253c5bc30b26cbaae680ed89) H:\WINDOWS\System32\WUDFSvc.dll
16:16:55.0171 2280 WudfSvc - ok
16:16:55.0203 2280 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) H:\WINDOWS\System32\wzcsvc.dll
16:16:55.0281 2280 WZCSVC - ok
16:16:55.0500 2280 xmlprov (295d21f14c335b53cb8154e5b1f892b9) H:\WINDOWS\System32\xmlprov.dll
16:16:55.0546 2280 xmlprov - ok
16:16:55.0562 2280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:16:55.0875 2280 \Device\Harddisk0\DR0 - ok
16:16:55.0875 2280 Boot (0x1200) (9490259d5c6458ccb874c3a09ad58226) \Device\Harddisk0\DR0\Partition0
16:16:55.0890 2280 \Device\Harddisk0\DR0\Partition0 - ok
16:16:55.0890 2280 ============================================================
16:16:55.0890 2280 Scan finished
16:16:55.0890 2280 ============================================================
16:16:55.0906 1700 Detected object count: 1
16:16:55.0906 1700 Actual detected object count: 1
16:17:10.0421 1700 H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide - copied to quarantine
16:17:10.0453 1700 HKLM\SYSTEM\ControlSet001\services\ASFWHide - will be deleted on reboot
16:17:10.0453 1700 HKLM\SYSTEM\ControlSet003\services\ASFWHide - will be deleted on reboot
16:17:10.0468 1700 H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide - will be deleted on reboot
16:17:10.0468 1700 ASFWHide ( LockedFile.Multi.Generic ) - User select action: Delete
16:17:16.0906 2684 Deinitialize success

3)

Farbar Service Scanner Version: 17-05-2012
Ran by Owner (administrator) on 24-05-2012 at 16:24:45
Running from "H:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
H:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
H:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
H:\WINDOWS\system32\netman.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\srsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
H:\WINDOWS\system32\wscsvc.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit
H:\WINDOWS\system32\qmgr.dll => MD5 is legit
H:\WINDOWS\system32\es.dll => MD5 is legit
H:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
H:\WINDOWS\system32\svchost.exe => MD5 is legit
H:\WINDOWS\system32\rpcss.dll => MD5 is legit
H:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
cmdHlp(9) Gpc(3) IPSec(5) NetBT(6) pctgntdi(10) pctNdisMP(8) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

After running Malwarebytes, I followed your instructions and completed the removal of the found infections and swiftly rebooted my PC.

Thank you once again for your time and continued support, I look forward to your advice.

Cheers,

Pazz

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 24 May 2012 - 10:57 AM

Please download XP.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
ipsec.reg
netbt.reg
wscsvc.reg
wuauserv.reg

legacy_afd.reg
legacy_ipsec.reg
legacy_netbt.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each of the following files, wuauserv.reg and legacy_wuauserv.reg, in turn and click Yes to add it to the Registry.
Allow the registry merge.
When the 2 files have been executed,
restart the computer.

Please run the Farbar Service Scanner
  • Make sure the following option is checked:
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Attach that log, please.

Let me know what problem persists.

#9 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:45 AM

Posted 25 May 2012 - 05:52 AM

Hi Nasdaq,

I have followed the previous steps that you have advised; unfortunately I am still unable to access the internet in normal boot profiles (I tried my own as well as my partner's). My USB modem shows connectivity, as does my taskbar, which works as expected with maximum signal; however, when I open a browser, whilst it says 'connecting to...' it doesn't actually complete the connection, and I have ADSL2+ so it should not be too slow.

Other issues seem to be that Ashampoo firewall runs into a fatal error when loaded in my personal normal profile, but not in my partner's personal normal boot, or safe mode.

I must admit that I was tempted to merge ALL of the registry items, but I didn't; I just want to be able to use the internet with sound so BADLY!!

I have attached the FSS log as requested.

Would it be easier just to reinstall XP over the top of my current version, keeping my files? As it seems I don't have any major malware to be concerned about, and I really want to get the full use out of my PC again; it's been over a month since I have had to boot into safe mode to get online!!

Sorry just a little drunk at the moment and want to watch some new episodes of south park..

Thanks again for your help,

Awaiting your reply.

Pazz

BTW for this scan I have inserted my USB modem to allow for the online connectivity that this scanner scans for.


Farbar Service Scanner Version: 17-05-2012
Ran by Owner (administrator) on 25-05-2012 at 20:25:30
Running from "H:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
H:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
H:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
H:\WINDOWS\system32\netman.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\srsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
H:\WINDOWS\system32\wscsvc.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit
H:\WINDOWS\system32\qmgr.dll => MD5 is legit
H:\WINDOWS\system32\es.dll => MD5 is legit
H:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
H:\WINDOWS\system32\svchost.exe => MD5 is legit
H:\WINDOWS\system32\rpcss.dll => MD5 is legit
H:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
cmdHlp(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
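Both FSS logs pasted above (posts #7 and #9) are read the same way: the failed Google/Yahoo probes under Connection Status, the DomainProfile key with "EnableFirewall"=DWORD:0 under Firewall Disabled Policy (a section that is empty when no such policy exists, like the System Restore policy section here), "wuauserv Service is not running", and a File Check in which every line says "MD5 is legit". The Python below is an added example, not part of the thread or of Farbar's tool; it parses a constructed log in FSS.txt format and lists exactly those findings, so a helper can triage a paste without reading it line by line.

```python
"""Triage a Farbar Service Scanner (FSS) log for the lines a helper acts on.
Added example; not part of FSS.  SAMPLE_FSS_LOG is a constructed sample that
copies the layout of the FSS.txt pastes in the thread."""
import re

SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 17-05-2012
****************************************************************

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit

**** End of log ****
"""


def parse_sections(log_text):
    """Split FSS output into {section: [lines]}; a section starts with a
    'Name:' line followed by a line made only of '=' signs."""
    sections, current = {}, None
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and len(nxt) >= 3 and set(nxt) == {"="}:
            current = line[:-1]
            sections[current] = []
        elif current is None or not line.strip():
            continue  # preamble or spacer line
        elif set(line) == {"="} or line.startswith("****"):
            continue  # heading underline or banner
        else:
            sections[current].append(line.strip())
    return sections


def triage(log_text):
    """Return (severity, message) pairs for every result that is not clean."""
    sections = parse_sections(log_text)
    findings = []
    # Connection Status: failed probes read '... returned error: ...'.
    for line in sections.get("Connection Status", []):
        if "returned error" in line:
            findings.append(("warn", "connectivity: " + line))
    # Firewall Disabled Policy: empty when no policy exists; a registry key
    # plus "EnableFirewall"=DWORD:0 means a policy forces the firewall off.
    key = None
    for line in sections.get("Firewall Disabled Policy", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif re.fullmatch(r'"EnableFirewall"=DWORD:0', line, re.IGNORECASE):
            findings.append(("high", f"firewall disabled by policy: {key or '<key missing>'}"))
    # Service sections: '<svc> Service is not running' is the line to act on.
    for name in ("Windows Update", "Security Center", "System Restore"):
        for line in sections.get(name, []):
            m = re.match(r"(\S+) Service is not running", line)
            if m:
                findings.append(("warn", f"{name}: {m.group(1)} is not running"))
    # File Check: any verdict other than 'MD5 is legit' needs a look.
    for line in sections.get("File Check", []):
        path, sep, verdict = line.partition(" => ")
        if sep and verdict != "MD5 is legit":
            findings.append(("high", f"file check: {path}: {verdict}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_FSS_LOG):
        print(f"[{severity}] {message}")
```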

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 25 May 2012 - 09:59 AM

Start, Run, type CMD, OK to open a command prompt.

Copy and paste the command in bold at the DOS prompt.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults: netsh int ip reset reset.log

Restart the computer normally.

Other issues seem to be that Ashampoo firewall runs into a fatal error when loaded in my personal normal profile, but not in my partners personal normal boot, or safe mode.


Can your partner connect to the internet?

If yes then your profile may be corrupted.
Create a new one in your name.
===

What are the issues in this new profile?

#11 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:45 AM

Posted 28 May 2012 - 08:33 AM

Hi Nasdaq,

I have followed the steps as you advised, and I'm sorry to say that there is still no change to my ability to browse the internet whilst booted into ANY profile, including a new personal profile, in normal boot mode.

I have tried the above steps several times, whilst loaded in to several profiles in safe and normal mode, unfortunately there has been no change to my browser not connecting/working properly.

I attempted to use my XP CD to reinstall my operating system several times and unfortunately that has not worked either; when booting from the CD, it fails to run till completion, sometimes crashing during the loading of the disc, but never managing to 'load windows'. I know you didn't ask me to do this, but I thought that I would try.

I look forward to hearing from you as to what we can try next to see what solution we can try next.

Cheers,

Pazz

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 28 May 2012 - 10:09 AM

Remove Ashampoo

How is it now?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 03 June 2012 - 08:13 AM

Are you still with me?

#14 simplysimply

simplysimply
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:45 AM

Posted 04 June 2012 - 07:04 AM

Hi Nasdaq,

Yes I am still here, just busy as sin.

I have tried taking Ashampoo off of my PC, but that is not resolving my apparent connectivity issues.

It doesn't appear to be anything wrong with my firewall; the problem initially started when I was clearing 'infected files' and I believe I deleted something out of my registry/system32 file that has caused my issue.

I am happy to just start with a clean reinstall, and I tried to do so with my XP disc, but even though I tried about 20 times, the boot-from-disc setup kept crashing/blue-screening at random times, and if it did get all the way through to 'loading windows' it just blue-screens there.

How else could I reinstall my operating system if my disc isn't working properly?

Cheers,

Pazz

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:45 AM

Posted 04 June 2012 - 08:17 AM

How else could I reinstall my operating system if my disc isn't working properly?


Contact the manufacturer of the computer; they should be able to provide you with a good copy at a reasonable price.

