soundhaven

Members
  • Posts: 19
  • Reputation: 0 Neutral
  1. Folks - Been using MB 2.0 for a day or two now. Like the old version I have it set to do a hyper scan every two hours. Unfortunately this means that every two hours my computer freezes, then runs really slow for about five minutes. The old version used to pop up to tell me it was scanning, giving me the option of hitting the cancel button (something that I did quite frequently), but now I'm prevented from working several times a day. Could there be a smarter way of automatically postponing scans when I'm busy? Maybe an 'ask me' check box (but one that times out when I'm not actually there). Or some way of detecting that I am actually in the middle of doing stuff? Just throwing this out there as an idea. PJ
  2. Bugger. Disappointed to hear that Paul. My girlfriend's machine is now also infected. Hope someone sorts this soon.
  3. Andrew / Spud This is one of three threads on the same topic - google IP addresses being blocked by malwarebytes. Can you offer any assistance / advice? Many thanks Peter
  4. We're infected with something doverbeach. A quick scan didn't pick anything up, so I'm running a full scan now. This is the second thread today about the same problem - I'm hoping this means a resolution will be forthcoming pretty quickly
  5. Suffering from the same problem. I switched to using firefox which seemed to resolve the problem... until I uninstalled chrome (my default browser). Now I'm stuffed again. Clearly whatever I'm using is smart enough to know what my default browser is. It's driving me crazy!
  6. For future ref Gringo - should this happen to a 'client' of yours in the future - this is how to fix the Windows Verification problem http://www.wikihow.com/Change-a-Windows-XP-Product-Key
  7. Thanks Gringo. That just takes me back to the same old page telling me to buy a copy of Windows 7 for $149. So that was one costly bit of malware, and if I'd waited just a few more days (until google had updated the browser - which I'd always suspected was the root of the problem), I'd never have got myself into this mess. Hey ho. You win some, and you lose some. See ya around some time.
  8. PS. I tried restoring the machine to the state before Recovery Console was installed. Not surprisingly that didn't work.
  9. Gringo! An interesting development! The problem appears to have resolved itself (without my need to run the last two scans). Some time ago I discovered that I could avoid a lot of malware issues by switching off chrome's java and plug-ins settings, and then selectively switching them on again for the sites I use and trust. This morning I discovered that google has recently updated chrome, switched java and plug-ins back on again, and forgotten all my previous settings. I've spent some of today rectifying that (switching java/plug-ins OFF, and selectively allowing it for trusted sites) and to my surprise, facebook, amazon, and the other big sites that were causing me a problem, no longer are. Whatever was embedded inside my browser is either gone, or can no longer get to the outside world. I'll monitor it for a day or two and keep you updated. If the problem re-occurs I will of course continue with your scans. In the meantime windows is still playing silly buggers. It clears my wallpaper every 30 minutes, generates a pop up to tell me that I'm not using genuine software, and makes me wait a few seconds before letting me log in. It is infuriating. Especially as I have my disc and my licence numbers right here and would enter them if I were given an option. My only crime, so it seems, is that I'm using XP, and they'd prefer me to upgrade. This wasn't happening before you asked me to install Recovery Console. Given the choice between my malware problem and this problem, I think I preferred the malware problem. At least Malware Bytes kept that at bay. If you have any advice as to how to get rid of this Windows Validation check I would love to hear it. Many thanks Peter
  10. Hi Gringo Thanks for your reply. I'll run these tomorrow - I'm afraid I haven't any more time today. Thanks for all your help so far. I do appreciate it. Peter
  11. Right. Well, that didn't go all that well. As expected Combo fix installed Recovery Console, and now I have a HUGE, permanent message in the bottom right hand corner of the screen, over laying the desktop wallpaper, telling me that I may be the victim of software counterfeiting (I'm not. I have my licence number right here). When I click the new 'star' item in the system tray, I get taken to a microsoft page that tells me XP isn't available any more and I should purchase Windows 7 for £150. Thank you Bill Gates. May you rot in hell for all eternity. Gringo - I don't suppose you know how to fix this new and exciting problem which is almost as irritating as the original malware alert that brought me here in the first place? Which reminds me, I wish I could tell you that at least my malware issue has gone away but.... it hasn't! I log into facebook and malware bytes steps in to block the self same IP address. Here's your latest log file. Enjoy.
  12. Back again! RogueKiller generated two logs. Both are below. Again - very interesting. Surprised it found anything - I thought that's what malware was supposed to do (not that I'm knocking MB - it's got me out of many a sticky situation) Sadly though, none of these scans appear to have fixed the problem. I opened facebook. Went on. And after a minute or so MB told me that it had blocked an attempt to contact 217.41.223.104 What next my friend?
  13. And we're back. Well then - that was interesting!!! Google chrome bitched a bit when I re-started it, but it seems ok now. Log file below. Maybe I ought to run this thing more frequently, or re-install adaware or something. Anyway... on with the final check...
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
      Key Deleted : HKLM\Software\PIP
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
      Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

      ***** [internet Browsers] *****

      -\\ Internet Explorer v6.0.2900.5512

      [OK] Registry is clean.

      -\\ Google Chrome v26.0.1410.64

      File : C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      File : C:\Documents and Settings\Julie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[s1].txt - [332 octets] - [15/04/2013 08:16:16]
      AdwCleaner[s2].txt - [13721 octets] - [15/04/2013 08:17:14]

      ########## EOF - C:\AdwCleaner[s2].txt - [13782 octets] ##########
  14. Hi Gringo! Nice to hear from you. Apologies for taking a while to respond. The information from the Security check sweep is below, I'm going to run the next two programs now, but obviously I've got to close this browser to do so. BRB. Peter

      ----------------- security check data ---------------------------------

      Results of screen317's Security Check version 0.99.62
      Windows XP Service Pack 3 x86
      Internet Explorer 6 Out of date!
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 6 Update 39
      Java version out of Date!
      Adobe Reader 10.1.6 Adobe Reader out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````
  15. Folks - DDS scan logs as requested - looking forward to your reply

      attach.txt dds.txt

      Peter

      ---------------- logs pasted below for ease -------------------------

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 6.0.2900.5512
      Run by Peter at 6:10:03 on 2013-04-14
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2306 [GMT 1:00]
      .
      .
      ============== Running Processes ================
      .
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Ask.com\Updater\Updater.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Documents and Settings\Peter\Local Settings\Application Data\Updater21804\Updater21804.exe
      C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\PROGRA~1\Webshots\Webshots.scr
      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
      C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\msdtc.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Program Files\Natara\Bonsai\Bonsai.exe
      C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      C:\WINDOWS\system32\svchost.exe -k NetworkService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      .
      ============== Pseudo HJT Report ===============
      .
      uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
      BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
      BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      uRun: [Google Update] "c:\documents and settings\peter\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
      uRun: [updater21804.exe] c:\documents and settings\peter\local settings\application data\updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300
      uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
      mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
      mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
      mRun: [pdfFactory Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
      mRun: [browserPlugInHelper] c:\program files\aimersoft\video converter ultimate\BrowserPlugInHelper.exe
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      StartupFolder: c:\docume~1\peter\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      TCP: NameServer = 192.168.0.1
      TCP: Interfaces\{31DE50F2-1E02-46E0-A587-A996B0D923C3} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{9F078023-0E73-44CB-BF3F-351B3DF037CF} : DHCPNameServer = 192.168.0.1
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      Hosts: 127.0.0.1 mpa.one.microsoft.com
      .
      ============= SERVICES / DRIVERS ===============
      .
      R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-6-18 3349208]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-7-2 10384]
      R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
      R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-2 701512]
      R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-7-2 22016]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-2 22856]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
      S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-7-2 1691480]
      S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-3 30192]
      S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2011-7-2 29440]
      S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2011-7-2 17536]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
      S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys [2013-1-8 27496]
      S4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
      S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2008-9-15 262360]
      .
      =============== File Associations ===============
      .
      FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx 2004\Dreamweaver.exe" "%1"
      .
      =============== Created Last 30 ================
      .
      2013-04-07 08:13:47 -------- d-----w- c:\program files\LSoft Technologies
      2013-03-29 08:20:20 -------- d-----w- c:\program files\File Assassin
      .
      ==================== Find3M ====================
      .
      2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
      2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
      2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
      2013-02-21 19:06:26 667136 ----a-w- c:\windows\system32\wininet.dll
      2013-02-21 19:06:26 61952 ----a-w- c:\windows\system32\tdc.ocx
      2013-02-21 19:06:25 81920 ----a-w- c:\windows\system32\ieencode.dll
      2013-02-21 00:38:17 369664 ----a-w- c:\windows\system32\html.iec
      2013-02-13 08:20:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-13 08:20:01 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
      2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
      2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
      2013-01-15 16:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
      2013-01-15 16:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
      2013-01-15 15:14:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
      .
      =================== ROOTKIT ====================
      .
      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 5.1.2600 Disk: ST3250410AS rev.4.AAA -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
      .
      device: opened successfully
      user: MBR read successfully
      .
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk1\DR1[0x8AC4EAB8] 3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\00000070[0x8AC5C968] 5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Ide\IdeDeviceP2T0L0-29[0x8AC52D98] kernel: MBR read successfully _asm { ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; } user != kernel MBR !!! . ============= FINISH: 6:10:36.65 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 02/07/2011 04:06:42 System Uptime: 11/04/2013 03:10:02 (75 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | EP45T-DS3R Processor: Intel Pentium III Xeon processor | Socket 775 | 2833/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 233 GiB total, 118.08 GiB free. D: is CDROM () E: is CDROM () J: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. M: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. P: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. S: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. V: is FIXED (FAT32) - 233 GiB total, 232.828 GiB free. W: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. X: is NetworkDisk (NTFS) - 1397 GiB total, 670.588 GiB free. Y: is FIXED (FAT32) - 69 GiB total, 69.229 GiB free. Z: is FIXED (NTFS) - 1397 GiB total, 670.588 GiB free. . ==== Disabled Device Manager Items ============= . 
      ==== System Restore Points ===================
      .
      RP549: 09/03/2013 08:30:16 - System Checkpoint
      RP550: 09/03/2013 11:17:44 - System Checkpoint
      RP551: 11/03/2013 09:45:23 - System Checkpoint
      RP552: 12/03/2013 16:34:29 - System Checkpoint
      RP553: 14/03/2013 03:00:42 - Software Distribution Service 3.0
      RP554: 15/03/2013 03:00:19 - Software Distribution Service 3.0
      RP555: 16/03/2013 07:15:22 - System Checkpoint
      RP556: 17/03/2013 20:12:40 - System Checkpoint
      RP557: 19/03/2013 09:30:24 - System Checkpoint
      RP558: 20/03/2013 13:19:24 - System Checkpoint
      RP559: 23/03/2013 07:58:38 - System Checkpoint
      RP560: 24/03/2013 12:11:56 - System Checkpoint
      RP561: 25/03/2013 13:02:53 - System Checkpoint
      RP562: 26/03/2013 13:06:33 - System Checkpoint
      RP563: 27/03/2013 14:11:46 - System Checkpoint
      RP564: 28/03/2013 14:43:20 - System Checkpoint
      RP565: 29/03/2013 17:51:29 - System Checkpoint
      RP566: 31/03/2013 12:26:22 - System Checkpoint
      RP567: 02/04/2013 12:37:10 - System Checkpoint
      RP568: 04/04/2013 00:24:54 - System Checkpoint
      RP569: 06/04/2013 07:40:47 - System Checkpoint
      RP570: 07/04/2013 12:38:44 - System Checkpoint
      RP571: 08/04/2013 12:58:43 - System Checkpoint
      RP572: 09/04/2013 13:00:14 - System Checkpoint
      RP573: 11/04/2013 03:00:40 - Software Distribution Service 3.0
      RP574: 12/04/2013 08:30:21 - System Checkpoint
      RP575: 13/04/2013 15:49:31 - System Checkpoint
      .
      ==== Installed Programs ======================
      .
(KB2797052) Security Update for Windows XP (KB2799329) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2809289) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2817183) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) 
Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Segoe UI SereneScreen Aquarium Skype Click to Call Skype™ 6.2 Smart Pix Manager Software Update for Web Folders Sonic UDF Reader Sony Picture Utility SplashID iPhone Desktop 5.2 ThumbsPlus version 4.10-R Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) 
Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Webshots Desktop Windows Driver Package - Nokia Modem (02/25/2011 4.7) Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinHTTrack Website Copier 3.43-9 xat.com Image Optimizer . ==== Event Viewer Messages From Past Week ======== . 08/04/2013 23:46:05, error: Srv [2020] - The server was unable to allocate from the system paged pool because the pool was empty. . ==== End Of File ===========================