
Can not start Google Chrome

Chrome google

  • This topic is locked
13 replies to this topic

#1 planoguy


Posted 23 August 2012 - 08:20 AM

Running Windows XP Home Edition, I have IE, Firefox, and Chrome. Starting yesterday, I cannot log on using Chrome. (IE and Firefox are OK.) After a while the msg says "application not responding". I googled for a solution to no avail. Removed and re-installed the latest Chrome. Same problem. Ran Malwarebytes, no malware found.
Please help
Planoguy

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Frank Liu at 8:09:54 on 2012-08-23
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.716 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: citi.com\creditcards
Trusted Zone: itcu.org\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: yahoo.com\my
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/69.10/uploader2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28982DB9-15B5-4F68-97C1-B14F8846B433} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\frank liu\application data\mozilla\firefox\profiles\bqdxhci7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\frank liu\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 MpKsld3b8646b;MpKsld3b8646b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys [2012-8-23 29904]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-19 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-16 655944]
R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-16 22344]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009-11-21 19384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2011-7-23 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 QianCaiHid;QianCai Handwriter Device;c:\windows\system32\drivers\HidKeyboard.sys [2010-12-14 6400]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
.
=============== Created Last 30 ================
.
2012-08-23 13:03:42 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\offreg.dll
2012-08-23 12:55:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys
2012-08-23 03:54:56 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\mpengine.dll
2012-08-22 02:46:26 -------- d-----r- c:\program files\Skype
2012-08-22 02:39:48 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-22 02:39:18 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-08-22 02:39:18 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-22 02:39:01 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-08-22 02:36:11 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-08-22 02:36:11 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2012-08-22 02:36:11 3599000 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-08-22 02:36:10 490008 ----a-w- c:\windows\system32\LVUI2.dll
2012-08-22 02:36:10 19344 ----a-w- c:\windows\system32\Repository.reg
2012-08-22 02:36:10 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2012-08-22 02:36:09 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-08-22 02:36:09 22296 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2012-08-22 02:36:09 195096 ----a-w- c:\windows\system32\lvci1110.dll
2012-08-01 15:50:43 -------- d-----w- c:\program files\BETV
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-22 02:30:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 02:30:42 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 03:46:45 60 ----a-w- c:\windows\wpd99.drv
2012-07-16 16:47:48 12562920 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-17 14:33:44 12557904 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-07 03:57:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-07 03:57:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2010-07-14 15:56:00 417944 ----a-w- c:\program files\common files\ZugoInstaller.exe
2010-05-09 05:14:38 5387 ----a-w- c:\program files\apply.cmd
2010-04-24 04:33:58 911800 ----a-w- c:\program files\amtlib.dll
.
============= FINISH: 8:10:31.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2009/11/15 1:13:34 PM
System Uptime: 2012/8/23 7:52:28 AM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7119
Processor: AMD Sempron™ 3000+ | Socket A | 1991/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 95.06 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 62.031 GiB free.
F: is FIXED (NTFS) - 186 GiB total, 91.883 GiB free.
J: is FIXED (NTFS) - 932 GiB total, 673.123 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP899: 2012/8/8 9:43:56 PM - System Checkpoint
RP900: 2012/7/22 7:39:26 AM - Software Distribution Service 3.0
RP901: 2012/7/22 7:39:25 AM - System Checkpoint
RP902: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0
RP903: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0
RP904: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0
RP905: 2012/7/22 7:39:25 AM - System Checkpoint
RP906: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0
RP907: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0
RP908: 2012/7/22 7:39:24 AM - Software Distribution Service 3.0
RP909: 2012/7/22 7:39:24 AM - System Checkpoint
RP910: 2012/7/22 7:39:24 AM - Software Distribution Service 3.0
RP911: 2012/7/22 7:40:12 AM - Software Distribution Service 3.0
RP912: 2012/7/22 7:40:12 AM - Installed MozyHome
RP913: 2012/7/22 7:40:12 AM - Software Distribution Service 3.0
RP914: 2012/7/22 7:40:12 AM - System Checkpoint
RP915: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0
RP916: 2012/7/22 7:40:11 AM - System Checkpoint
RP917: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0
RP918: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0
RP919: 2012/7/22 7:40:11 AM - System Checkpoint
RP920: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0
RP921: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0
RP922: 2012/7/22 7:40:10 AM - System Checkpoint
RP923: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0
RP924: 2012/7/22 7:39:26 AM - System Checkpoint
RP925: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0
RP926: 2012/7/22 7:40:10 AM - System Checkpoint
RP927: 2012/7/22 7:40:10 AM - Revo Uninstaller's restore point - Pinnacle Studio Ultimate Plugins
RP928: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Video Driver
RP929: 2012/7/22 7:40:09 AM - Removed Pinnacle Video Driver.
RP930: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Studio 14
RP931: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Studio 14
RP932: 2012/7/22 7:40:09 AM - Software Distribution Service 3.0
RP933: 2012/7/22 7:40:09 AM - Software Distribution Service 3.0
RP934: 2012/7/22 7:40:08 AM - System Checkpoint
RP935: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0
RP936: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0
RP937: 2012/7/22 7:40:08 AM - System Checkpoint
RP938: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0
RP939: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0
RP940: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0
RP941: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0
RP942: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0
RP943: 2012/7/22 7:40:07 AM - System Checkpoint
RP944: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0
RP945: 2012/7/22 7:40:07 AM - System Checkpoint
RP946: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0
RP947: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0
RP948: 2012/7/22 7:40:06 AM - System Checkpoint
RP949: 2012/7/22 7:40:06 AM - Software Distribution Service 3.0
RP950: 2012/7/22 7:40:06 AM - System Checkpoint
RP951: 2012/7/22 7:40:05 AM - Software Distribution Service 3.0
RP952: 2012/7/22 7:40:05 AM - System Checkpoint
RP953: 2012/7/22 7:40:05 AM - Software Distribution Service 3.0
RP954: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP955: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP956: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP957: 2012/7/22 7:40:04 AM - System Checkpoint
RP958: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP959: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP960: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0
RP961: 2012/7/22 7:40:04 AM - System Checkpoint
RP962: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0
RP963: 2012/7/22 7:40:03 AM - System Checkpoint
RP964: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0
RP965: 2012/7/22 7:40:03 AM - System Checkpoint
RP966: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0
RP967: 2012/7/22 7:39:26 AM - System Checkpoint
RP968: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0
RP969: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0
RP970: 2012/7/22 7:40:02 AM - System Checkpoint
RP971: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0
RP972: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0
RP973: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0
RP974: 2012/7/22 7:40:01 AM - System Checkpoint
RP975: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0
RP976: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0
RP977: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0
RP978: 2012/7/22 7:40:01 AM - System Checkpoint
RP979: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0
RP980: 2012/7/22 7:40:06 AM - System Checkpoint
RP981: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Pinnacle Studio 14
RP982: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Amazon MP3 Downloader 1.0.5
RP983: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Free Audio Editor
RP984: 2012/7/22 7:40:05 AM - Revo Uninstaller's restore point - WavePad Sound Editor
RP985: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0
RP986: 2012/7/22 7:39:26 AM - System Checkpoint
RP987: 2012/7/22 7:39:26 AM - Software Distribution Service 3.0
RP988: 2012/7/22 7:40:00 AM - System Checkpoint
RP989: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0
RP990: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0
RP991: 2012/7/22 7:40:00 AM - System Checkpoint
RP992: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0
RP993: 2012/7/22 7:39:59 AM - System Checkpoint
RP994: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0
RP995: 2012/7/22 7:39:59 AM - System Checkpoint
RP996: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0
RP997: 2012/7/22 7:39:59 AM - System Checkpoint
RP998: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0
RP999: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0
RP1000: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0
RP1001: 2012/6/1 12:07:16 PM - System Checkpoint
RP1002: 2012/6/1 3:01:18 PM - Software Distribution Service 3.0
RP1003: 2012/6/2 3:30:33 PM - System Checkpoint
RP1004: 2012/6/3 10:05:45 AM - Software Distribution Service 3.0
RP1005: 2012/6/4 10:34:06 AM - Software Distribution Service 3.0
RP1006: 2012/6/4 10:38:10 AM - Software Distribution Service 3.0
RP1007: 2012/6/5 5:53:08 PM - Software Distribution Service 3.0
RP1008: 2012/6/6 11:01:37 PM - Software Distribution Service 3.0
RP1009: 2012/6/7 11:35:53 PM - Software Distribution Service 3.0
RP1010: 2012/6/9 11:05:35 AM - Software Distribution Service 3.0
RP1011: 2012/6/10 11:42:59 AM - System Checkpoint
RP1012: 2012/6/11 8:56:06 AM - Software Distribution Service 3.0
RP1013: 2012/6/12 2:30:47 PM - Software Distribution Service 3.0
RP1014: 2012/6/12 10:00:26 PM - Software Distribution Service 3.0
RP1015: 2012/6/13 8:41:32 PM - Software Distribution Service 3.0
RP1016: 2012/6/15 10:22:21 PM - Software Distribution Service 3.0
RP1017: 2012/6/16 10:29:29 PM - Software Distribution Service 3.0
RP1018: 2012/6/17 9:48:04 AM - Software Distribution Service 3.0
RP1019: 2012/6/18 7:56:45 PM - Software Distribution Service 3.0
RP1020: 2012/6/19 11:43:26 PM - Software Distribution Service 3.0
RP1021: 2012/6/21 11:29:28 PM - Software Distribution Service 3.0
RP1022: 2012/6/23 8:44:29 AM - Software Distribution Service 3.0
RP1023: 2012/6/24 9:18:13 AM - Software Distribution Service 3.0
RP1024: 2012/6/25 10:10:19 AM - Software Distribution Service 3.0
RP1025: 2012/6/26 10:31:18 AM - System Checkpoint
RP1026: 2012/6/26 10:16:26 PM - Software Distribution Service 3.0
RP1027: 2012/6/27 10:39:56 PM - Software Distribution Service 3.0
RP1028: 2012/6/28 11:56:16 PM - Software Distribution Service 3.0
RP1029: 2012/6/30 10:31:29 AM - Software Distribution Service 3.0
RP1030: 2012/7/1 10:16:02 PM - Software Distribution Service 3.0
RP1031: 2012/7/2 10:21:32 PM - System Checkpoint
RP1032: 2012/7/3 10:11:48 PM - Software Distribution Service 3.0
RP1033: 2012/7/6 10:04:41 AM - Software Distribution Service 3.0
RP1034: 2012/7/7 11:05:57 AM - System Checkpoint
RP1035: 2012/7/7 11:20:56 PM - Software Distribution Service 3.0
RP1036: 2012/7/8 11:27:09 PM - Software Distribution Service 3.0
RP1037: 2012/7/10 8:45:37 AM - Software Distribution Service 3.0
RP1038: 2012/7/10 10:00:33 PM - Software Distribution Service 3.0
RP1039: 2012/7/12 8:19:35 AM - Software Distribution Service 3.0
RP1040: 2012/7/13 9:48:47 PM - Software Distribution Service 3.0
RP1041: 2012/7/13 9:58:57 AM - System Checkpoint
RP1042: 2012/7/15 10:10:22 PM - Software Distribution Service 3.0
RP1043: 2012/7/17 8:45:05 AM - Software Distribution Service 3.0
RP1044: 2012/7/18 10:29:56 AM - Software Distribution Service 3.0
RP1045: 2012/7/19 10:15:57 PM - Software Distribution Service 3.0
RP1046: 2012/7/20 10:54:17 PM - Software Distribution Service 3.0
RP1047: 2012/7/21 11:11:18 PM - System Checkpoint
RP1048: 2012/7/22 7:32:51 AM - Software Distribution Service 3.0
RP1049: 2012/7/24 8:17:47 AM - Software Distribution Service 3.0
RP1050: 2012/7/26 8:25:46 AM - Software Distribution Service 3.0
RP1051: 2012/7/27 11:23:59 PM - Software Distribution Service 3.0
RP1052: 2012/7/31 7:02:36 AM - Software Distribution Service 3.0
RP1053: 2012/8/1 10:27:09 AM - Software Distribution Service 3.0
RP1054: 2012/8/2 12:52:08 PM - Software Distribution Service 3.0
RP1055: 2012/8/3 2:14:01 PM - System Checkpoint
RP1056: 2012/8/4 8:52:33 AM - Software Distribution Service 3.0
RP1057: 2000/8/4 11:42:05 AM - System Checkpoint
RP1058: 2012/8/5 9:38:39 AM - System Checkpoint
RP1059: 2012/8/5 9:48:24 AM - Software Distribution Service 3.0
RP1060: 2012/8/6 11:36:10 AM - Software Distribution Service 3.0
RP1061: 2012/8/7 11:55:40 AM - System Checkpoint
RP1062: 2012/8/8 8:33:31 AM - Software Distribution Service 3.0
RP1063: 2012/8/9 9:19:46 AM - Software Distribution Service 3.0
RP1064: 2012/8/10 11:10:37 AM - System Checkpoint
RP1065: 2012/8/11 9:44:02 AM - Software Distribution Service 3.0
RP1066: 2012/8/12 3:13:17 PM - Software Distribution Service 3.0
RP1067: 2012/8/13 4:51:43 PM - System Checkpoint
RP1068: 2012/8/14 9:12:22 AM - Software Distribution Service 3.0
RP1069: 2012/8/15 9:21:49 AM - Software Distribution Service 3.0
RP1070: 2012/8/15 9:43:22 AM - Software Distribution Service 3.0
RP1071: 2012/8/17 10:01:06 AM - Software Distribution Service 3.0
RP1072: 2012/8/18 10:06:02 AM - System Checkpoint
RP1073: 2012/8/19 7:05:51 PM - Software Distribution Service 3.0
RP1074: 2012/8/21 9:37:07 PM - Logitech Camera Driver Install
RP1075: 2012/8/22 10:54:39 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
"Nero SoundTrax Help
1Click DVD Copy 5.0.2.9
7-Zip 4.65
ACDSee 8
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advertising Center
Any Video Converter 3.3.4
Audacity 1.2.6
Auslogics Duplicate File Finder
BETV 1.6.0.7
Canon Easy-PhotoPrint EX
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner
Chinese (Traditional) Language Support
Compatibility Pack for the 2007 Office system
Cookienator
CopyToDVD
DolbyFiles
DVD43 v4.6.0
eReg
ffdshow
Firebird SQL Server - MAGIX Edition (US)
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
InCD Help
Intel® PRO Network Adapters and Drivers
Iomega QuikProtect
Java Auto Updater
Java™ 6 Update 29
Knoll Light Factory EZ Studio
Logitech QuickCam
Logitech SetPoint 6.15
Logitech® Camera 驅動程式
Malwarebytes Anti-Malware version 1.62.0.1300
Menu Templates - Starter Kit
Meritline EZ Label Xpress 3.5 Lite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese Date & Time
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Templates - Starter Kit
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MozyHome
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NCH Toolbox
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
NVIDIA Drivers
Office Tab Free Edition 8.00
Pdf995
Penpower Jr.
Picasa 3
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.92
SanDiskSecureAccess_Manager.exe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.10
Sony DVD Architect Studio 4.5
SoundTrax
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vegas Movie Studio 9.0
VLC media player 1.1.11
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
XP Codec Pack
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2012/8/22 5:52:07 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
2012/8/19 9:01:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELLFROMYC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28982DB9-15B5-4F6. The master browser is stopping or an election is being forced.
2012/8/19 7:14:24 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELLFROMYC.
2012/8/19 6:53:44 PM, error: NetBT [4321] - The name "CHAPTER 8 :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine.
2012/8/18 11:15:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8}
.
==== End Of File ===========================

Edited by Maurice Naggar, 23 August 2012 - 09:41 AM.


#2 Maurice Naggar

    Staff

  • Moderators

Posted 23 August 2012 - 09:29 AM

Hello planoguy,

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.


Step 7
RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.
Use separate replies as needed if logs do not fit into one reply box.


Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#3 planoguy

    Regular Member

  • Honorary Members

Posted 23 August 2012 - 11:01 AM

Hi Maurice
Thanks for your help. Ran through 7 steps and here are the reports

Logfile of random's system information tool 1.09 (written by random/random)
Run by Frank Liu at 2012-08-23 10:01:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 1471 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:23 AM, on 2012/8/23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Frank Liu\Desktop\RSIT.exe
C:\Program Files\trend micro\Frank Liu.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://my.yahoo.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.goo...0/uploader2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnime...veX_Control.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnime...veX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...985/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7626 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default
prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"

Edited by Maurice Naggar, 23 August 2012 - 11:15 AM.


#4 Maurice Naggar

    Staff

  • Moderators

Posted 23 August 2012 - 11:19 AM

@Planoguy
The RSIT log looks short.
I cannot tell if you ran the other steps that I outlined. Tell me which you completed.
and
I doubt you had the time yet to complete the BitDefender scan.

BE AWARE:
Use only NOTEPAD to Copy ALL Lines of report(s) and then to Paste all into each reply.
In NOTEPAD make sure you have turned off Word wrap.
Maurice Naggar
Product Support


#5 planoguy

    Regular Member

  • Honorary Members

Posted 23 August 2012 - 02:42 PM

Thanks for your quick response.
I ran the first 4 steps, with three reports log.txt, info.txt and checkup.txt as follows. Will now run step 5 and attach additional reports in next reply.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Frank Liu at 2012-08-23 14:21:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 1471 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:21:09 PM, on 2012/8/23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Frank Liu\Desktop\chrome\RSIT.exe
C:\Program Files\trend micro\Frank Liu.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://my.yahoo.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.goo...0/uploader2.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnime...veX_Control.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnime...veX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...985/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7731 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default
prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"

#6 planoguy

Posted 23 August 2012 - 02:53 PM

Here is the start of step 5 thru 7


QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Thu Aug 23 14:44:58 2012
Machine ID: 5C71CD09

No infection found.
-------------------

Processes
---------
Microsoft® Windows® Operating System 9640 C:\WINDOWS\system32\notepad.exe
(verified) Google Update 568 C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Java™ Platform SE 6 U29 560 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Logitech QuickCam 616 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(verified) Logitech QuickCam 2908 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(verified) Logitech QuickCam 1616 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(verified) Malwarebytes Anti-Malware 348 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft Malware Protection 1100 C:\Program Files\Microsoft Security Client\MsMpEng.exe
(verified) Microsoft Security Client 148 C:\Program Files\Microsoft Security Client\msseces.exe
(verified) Microsoft® Windows® Operating System 1684 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1764 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\conime.exe
(verified) Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1712 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 232 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 464 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 9712 C:\WINDOWS\system32\wscntfy.exe
(verified) MozyHome 672 C:\Program Files\MozyHome\mozybackup.exe
(verified) NVIDIA Driver Helper Service, Version 7 688 C:\WINDOWS\system32\nvsvc32.exe
(verified) Quik Protect (x32) 1804 C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
(verified) QuikProtect 7364 C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
(verified) RealPlayer (32-bit) 160 C:\Program Files\real\realplayer\Update\realsched.exe
(verified) Skype 636 C:\Program Files\Skype\Phone\Skype.exe
(verified) Windows® Internet Explorer 3520 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 6252 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 8360 C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process Skype.exe (636) connected on port 40008 --> 157.55.130.162
Process Skype.exe (636) connected on port 443 (HTTP over SSL) --> 64.4.44.29
Process Skype.exe (636) connected on port 12350 --> 78.141.179.15
Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.41
Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.45
Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.49
Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.57
Process Skype.exe (636) listens on ports: 80 (HTTP), 62825
Process svchost.exe (1000) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
(verified) Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft Malware Protection C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
(verified) RealPlayer (32-bit) C:\Program Files\real\realplayer\Update\realsched.exe
(verified) RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
(verified) Skype C:\Program Files\Skype\Phone\Skype.exe
(verified) startQuikProtect C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
(unsigned) RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
(unsigned) RealNetworks™ Chrome Background Exte C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
(unsigned) RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
(verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(verified) CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
(verified) Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
(verified) Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
(verified) NPSWF32_11_3_300_257.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
(verified) Photo Uploader C:\WINDOWS\Downloaded Program Files\UploaderX.dll
(verified) PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll
(verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
(verified) RealPlayer Download and Record Plugin C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
(verified) RealPlayer Download Plugin C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
(verified) RealPlayer Download Plugin c:\program files\real\realplayer\Netscape6\nprpplugin.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
(verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
(verified) Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll

Scan
----

No file uploaded.
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.14 KB recvd
Scanned 628 files and modules - 127 seconds
==============================================================================

Step 6
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Frank Liu [Admin rights]
Mode: Scan -- Date: 08/23/2012 14:51:12
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SP1604N +++++
--- User ---
[MBR] 62f07d074c1ea5a4720fffc1fdfa7219
[BSP] 709a9d4529d10caafc13093f815046ab : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!
+++++ PhysicalDrive1: ST3400620A +++++
--- User ---
[MBR] da750aa383971399d9e72eebdb803397
[BSP] ab891c45853e9ceb9a74972a00a05374 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1008 | Size: 190720 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 390595968 | Size: 190831 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!
+++++ PhysicalDrive2: SAMSUNG HD103SI USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : TestDisk MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

Should have all txt files as you mentioned. Please kindly let me know if anything is needed. Thank you again for your help.
Planoguy

#7 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 24 August 2012 - 06:21 AM

These steps are for planoguy only. If you are a casual viewer, do NOT try this on your system!
If you are not planoguy and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!


You will want to print out or copy these instructions to Notepad for Safe offline reference!

Let's have you do the following:
Step 1
Disable CD-ROM Emulation Software:
Please download the following tool DeFogger to your desktop.
◦Double click DeFogger to run the tool.
◦The application window will appear
◦Click the Disable button to disable your CD Emulation drivers.
◦Click Yes to continue
◦A 'Finished!' message will appear
◦Click OK
◦DeFogger will now ask to reboot the machine - click OK
◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
◦Do not re-enable these drivers until otherwise instructed.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3
Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & attach the C:\Combofix.txt log and tell me, How is the system now :excl:

RE-Enable your AntiVirus and AntiSpyware applications.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#8 planoguy

Posted 24 August 2012 - 10:59 AM

Hi Maurice
I ran through all the steps but the problem is still there. Google Chrome can not be started. I tried to attach the Combofix log but got an error msg saying that the file is too long. I will send you the log file in four separate posts.
First one
ComboFix 12-08-24.01 - Frank Liu /08/24 Fri 9:34.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.917 [GMT -5:00]
執行位置: c:\documents and settings\Frank Liu\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
c:\documents and settings\Frank Liu\GoToAssistDownloadHelper.exe
c:\documents and settings\Frank Liu\My Documents\~WRL0003.tmp
c:\documents and settings\Frank Liu\WINDOWS
c:\windows\system32\OLD3E1.tmp
c:\windows\system32\OLD3E4.tmp
c:\windows\system32\OLD411.tmp
c:\windows\system32\OLD41C.tmp
c:\windows\system32\OLD5A3.tmp
c:\windows\system32\OLD63F.tmp
c:\windows\system32\OLD642.tmp
c:\windows\system32\OLD7A4.tmp
c:\windows\system32\OLD7A7.tmp
c:\windows\system32\OLD7AA.tmp
c:\windows\system32\OLD7AD.tmp
c:\windows\system32\OLD7B0.tmp
c:\windows\system32\OLD7B3.tmp
c:\windows\system32\OLD7BA.tmp
c:\windows\system32\OLD83B.tmp
c:\windows\system32\OLD88D.tmp
c:\windows\system32\OLD890.tmp
c:\windows\system32\OLD893.tmp
c:\windows\system32\OLD896.tmp
c:\windows\system32\OLD89C.tmp
c:\windows\system32\OLD8A1.tmp
c:\windows\system32\OLD8AA.tmp
c:\windows\system32\OLD942.tmp
c:\windows\system32\OLDAA4.tmp
c:\windows\system32\OLDB38.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET188.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET193.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19B.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19E.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A1.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A3.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( 2012-07-24 to 2012-08-24 New Files )))))))))))))))))))))))))))))))
.
.
2012-08-24 13:55 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC52919-918D-4E35-847D-C3EDE77D7E1B}\mpengine.dll
2012-08-23 19:54 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-23 19:21 . 2012-08-23 19:21 -------- d-----w- C:\rsit
2012-08-23 15:16 . 2012-08-23 19:44 -------- d-----w- c:\documents and settings\Frank Liu\Application Data\QuickScan
2012-08-23 14:59 . 2012-08-23 19:21 -------- d-----w- c:\program files\trend micro
2012-08-23 14:55 . 2012-08-23 14:55 -------- d-----w- c:\program files\ERUNT
2012-08-22 02:46 . 2012-08-24 14:27 -------- d-----w- c:\documents and settings\Frank Liu\Application Data\Skype
2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----w- c:\program files\Common Files\Skype
2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----r- c:\program files\Skype
2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-08-22 02:39 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-08-22 02:39 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-22 02:39 . 2008-04-13 23:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-08-22 02:36 . 2007-07-19 00:44 3599000 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-08-22 02:36 . 2007-07-19 00:44 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-08-22 02:36 . 2007-07-19 00:40 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2012-08-22 02:36 . 2007-07-19 00:43 490008 ----a-w- c:\windows\system32\LVUI2.dll
2012-08-22 02:36 . 2007-07-19 00:42 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2012-08-22 02:36 . 2007-07-18 23:55 19344 ----a-w- c:\windows\system32\Repository.reg
2012-08-22 02:36 . 2007-07-19 00:44 22296 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2012-08-22 02:36 . 2007-07-19 00:44 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-08-22 02:36 . 2007-07-19 00:40 195096 ----a-w- c:\windows\system32\lvci1110.dll
2012-08-22 02:35 . 2012-08-22 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2012-08-01 15:50 . 2012-08-12 20:59 -------- d-----w- c:\program files\BETV
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Modified Files in Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 02:30 . 2012-04-03 16:10 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 02:30 . 2011-05-20 12:23 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2009-11-15 18:50 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-11-15 18:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46 . 2010-03-16 22:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2005-05-20 00:14 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-05-20 00:14 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2009-11-15 18:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2009-11-15 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2009-11-15 18:51 385024 ------w- c:\windows\system32\html.iec
2012-06-17 14:33 . 2012-06-17 14:33 12557904 ----a-w- c:\documents and settings\All Users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-07 03:57 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-07 03:57 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2009-11-15 18:52 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-04 04:32 . 2009-11-15 18:53 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-11-15 18:54 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-11-15 18:54 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-11-15 18:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-11-15 18:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-11-15 18:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-11-15 18:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-11-15 18:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-11-15 18:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-02-15 09:10 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2010-02-15 09:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2010-02-15 09:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2009-12-14 16:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2009-11-15 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2010-07-14 15:56 . 2010-09-18 11:53 417944 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2010-05-09 05:14 . 2010-12-14 14:28 5387 ----a-w- c:\program files\apply.cmd
2010-04-24 04:33 . 2010-12-14 14:28 911800 ----a-w- c:\program files\amtlib.dll
2000-08-04 23:59 . 2012-06-16 03:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-03 19:36 . 2010-08-18 03:23 13696 -c--a-w- c:\program files\mozilla firefox\components\CntvSpeedup.dll
.
.

#9 planoguy

Posted 24 August 2012 - 11:09 AM

Part 3 (last one)

.
-- 快照技術重新設置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-02-07 16:41 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-02-07 16:41 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-07 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^清?紫光全能王手???系?.lnk]
backup=c:\windows\pss\清?紫光全能王手???系?.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank Liu^Start Menu^Programs^Startup^startQuikProtect.exe.lnk]
backup=c:\windows\pss\startQuikProtect.exe.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 01:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 15:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cookienator]
2009-10-19 06:29 1333472 -c--a-w- c:\program files\Cookienator\cookienator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-06-26 00:15 1311312 -c--a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-28 03:28 116648 ----atw- c:\documents and settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 21:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 21:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2011-11-26 00:11 27306624 ----a-w- c:\documents and settings\Frank Liu\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-07 03:57 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NitroReaderDriverReadSpool"=2 (0x2)
"avg9wd"=2 (0x2)
"PCToolsSSDMonitorSvc"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"MsMpSvc"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"QSCopyEngine"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"McciCMService"=2 (0x2)
"LBTServ"=3 (0x3)
"IHA_MessageCenter"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Iomega\\QuikProtect\\QuikProtect.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\WINPENJR\\win32\\PPupdwz.exe"=
"c:\\Program Files\\BETV\\BETV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010/8/19 2:27 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010/3/16 5:07 PM 655944]
R2 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010/6/24 5:04 PM 247088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010/3/16 5:07 PM 22344]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2009/11/26 8:38 AM 47360]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009/11/21 5:04 PM 19384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011/3/26 10:22 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012/7/13 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012/4/3 11:10 AM 250568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2011/7/23 10:31 PM 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011/3/26 10:22 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012/4/27 2:13 PM 113120]
S3 QianCaiHid;QianCai Handwriter Device;c:\windows\system32\drivers\HidKeyboard.sys [2010/12/14 3:28 PM 6400]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010/10/13 6:06 PM 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
‘計劃任務’ 文件夾 裡的內容
.
2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:30]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 02:12]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job
- c:\documents and settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-23 03:28]
.
2012-08-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2012-08-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2012-08-24 c:\windows\Tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Extra Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: citi.com\creditcards
Trusted Zone: itcu.org\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: yahoo.com\my
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-PPHIDPAD - c:\winpenjr\Win32\pphidpad.exe
MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-24 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
掃描被隱藏的進程 ...
.
掃描被隱藏的啟動組 ...
.
掃描被隱藏的文件 ...
.
掃描完成
被隱藏的檔案: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-917075022-3912106595-2679439203-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Time Completed: 2012-08-24 09:50:19
ComboFix-quarantined-files.txt 2012-08-24 14:50
.
Pre-Run: 101,936,541,696 bytes free
Post-Run: 102,175,883,264 bytes free
.
- - End Of File - - D7C6690DB89699A4F57ABEAA909997E0


#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 24 August 2012 - 02:20 PM

Trojan warning: TDL3
This system has some serious backdoor trojans. TDL3


This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
You are strongly advised to do the following immediately.
1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.
While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

IF you decide to attempt cleaning, then start with the following.

Run RKILL one more time.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
  • Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon

    On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon
  • Once the Help file opens, click on a Chameleon button (starting with #1)
  • If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  • You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top
  • Press any key to continue as it says in the window {space-bar will do}
  • If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  • Have infinite patience during this process
  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK button so that process can continue
  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  • After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes
  • If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last FULL scan to verify that there are no remaining threats
Reply with copy of the MBAM scan log for review.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#11 planoguy

Posted 24 August 2012 - 03:42 PM

Hi Maurice:
Too bad to learn that my system is hacked by a trojan. (I am using another system to communicate with you right now.)
I think I like to clean the system completely. Can you give me the steps to completely reformat the hard drives and reinstall Windows fresh? What about the external drive? Is that external drive safe to use after reinstall the Windows?
Too bad to have this problem. On the other hand, thank you for finding out the problem for me and hope the damage is minimized as soon as possible.
Planoguy

#12 Maurice Naggar

Posted 24 August 2012 - 07:58 PM

If you have the Windows XP CD, you would use that to boot from and in the initial steps you would delete the Windows partition as the first step, then load Windows fresh. You'd have to set the pc to boot from the CD as the first boot device.
IF your pc did not come with a Windows CD, your pc manufacturer likely has a factory restore partition on the HDD. You need to check with your pc manufacturer on the procedures and sequence.
I will not be guiding you on the factory restore process.

The following is a very general outline:
Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).
When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.
You will lose your documents so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, since they will be outdated & of no use. Install your antivirus immediately after.

Other security references at Microsoft
4 steps to protect your computer
How to boost your malware defense and protect your PC

Good wishes to you.
Maurice Naggar
Product Support

#13 planoguy

Posted 25 August 2012 - 08:52 AM

Thank you, Maurice. I do have windows xp CD. I will start from there.
Couple of more questions. In addition to the C Drive, I have another internal drive designated as E and F (two logical partitions), and an external drive. All of them are data files. Do I un-plug them before starting re-install XP? How do I make sure they are not infected? Can virus, trojans, etc. be in a data file? If they can, how to remove them?
Planoguy

#14 Maurice Naggar

Posted 25 August 2012 - 09:16 AM

If you have external drives, you will want to unplug them before re-installing Windows.

IF you have logical partitions on your HDD, leave them be. I am assuming your Windows is on C:

You can scan your files with your antivirus & MBAM & with some of the following online scanners (listed below).

Safer practices & malware prevention
We are finished here. Best regards.
Maurice Naggar
Product Support
