planoguy

  1. You helped me to identify a backdoor trojan about two or three weeks ago, and I was advised to re-format the C drive (system drive). My question now is: after re-formatting and re-installing Windows XP and all the applications, how do I make sure that the system is clean, without malware and/or viruses? Thank you for your help. Planoguy
  2. Thank you, Maurice. I do have the Windows XP CD. I will start from there. A couple more questions. In addition to the C drive, I have another internal drive designated as E and F (two logical partitions), and an external drive. All of them hold data files. Do I unplug them before starting to re-install XP? How do I make sure they are not infected? Can viruses, trojans, etc. be in a data file? If they can, how do I remove them? Planoguy
  3. Hi Maurice: Too bad to learn that my system is hacked by a trojan. (I am using another system to communicate with you right now.) I think I would like to clean the system completely. Can you give me the steps to completely reformat the hard drives and reinstall Windows fresh? What about the external drive? Is that external drive safe to use after reinstalling Windows? Too bad to have this problem. On the other hand, thank you for finding the problem for me, and I hope the damage is minimized as soon as possible. Planoguy
  4. Part 3 (last one)
  5. Hi Maurice I run through all the steps but the problem is still there. Google Chrome can not be started. I tried to attach Combofix log but got an error msg saying that the file is too long. I will send you the log file in four separate posts. First one
  6. Here is the start of step 5 thru 7 QuickScan 32-bit v0.9.9.118 --------------------------- Scan date: Thu Aug 23 14:44:58 2012 Machine ID: 5C71CD09 No infection found. ------------------- Processes --------- Microsoft® Windows® Operating System 9640 C:\WINDOWS\system32\notepad.exe (verified) Google Update 568 C:\Program Files\Google\Update\GoogleUpdate.exe (verified) Java Platform SE 6 U29 560 C:\Program Files\Java\jre6\bin\jqs.exe (verified) Logitech QuickCam 616 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (verified) Logitech QuickCam 2908 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (verified) Logitech QuickCam 1616 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (verified) Malwarebytes Anti-Malware 348 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (verified) Microsoft Malware Protection 1100 C:\Program Files\Microsoft Security Client\MsMpEng.exe (verified) Microsoft Security Client 148 C:\Program Files\Microsoft Security Client\msseces.exe (verified) Microsoft® Windows® Operating System 1684 C:\WINDOWS\explorer.exe (verified) Microsoft® Windows® Operating System 1764 C:\WINDOWS\system32\alg.exe (verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\conime.exe (verified) Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\csrss.exe (verified) Microsoft® Windows® Operating System 1712 C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\lsass.exe (verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\services.exe (verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\smss.exe (verified) Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\spoolsv.exe (verified) Microsoft® Windows® Operating System 232 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 464 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1140 
C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\winlogon.exe (verified) Microsoft® Windows® Operating System 9712 C:\WINDOWS\system32\wscntfy.exe (verified) MozyHome 672 C:\Program Files\MozyHome\mozybackup.exe (verified) NVIDIA Driver Helper Service, Version 7 688 C:\WINDOWS\system32\nvsvc32.exe (verified) Quik Protect (x32) 1804 C:\Program Files\Iomega\QuikProtect\QpMonitor.exe (verified) QuikProtect 7364 C:\Program Files\Iomega\QuikProtect\QuikProtect.exe (verified) RealPlayer (32-bit) 160 C:\Program Files\real\realplayer\Update\realsched.exe (verified) Skype 636 C:\Program Files\Skype\Phone\Skype.exe (verified) Windows® Internet Explorer 3520 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 6252 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 8360 C:\Program Files\Internet Explorer\iexplore.exe Network activity ---------------- Process Skype.exe (636) connected on port 40008 --> 157.55.130.162 Process Skype.exe (636) connected on port 443 (HTTP over SSL) --> 64.4.44.29 Process Skype.exe (636) connected on port 12350 --> 78.141.179.15 Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.41 Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.45 Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.49 Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.57 Process Skype.exe (636) listens on ports: 80 (HTTP), 62825 Process svchost.exe (1000) listens on ports: 135 (RPC) Autoruns and critical files --------------------------- 
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified) Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe (verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (verified) Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (verified) Microsoft Malware Protection C:\Program Files\Microsoft Security Client\MpCmdRun.exe (verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll (verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll 
(verified) RealPlayer (32-bit) C:\Program Files\real\realplayer\Update\realsched.exe (verified) RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe (verified) Skype C:\Program Files\Skype\Phone\Skype.exe (verified) startQuikProtect C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe (verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll Browser plugins --------------- (unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (unsigned) Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (unsigned) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (unsigned) RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll (unsigned) RealNetworks Chrome Background Exte C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (unsigned) RealPlayer HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll (verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (verified) Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll (verified) CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe (verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded 
Program Files\FP_AX_CAB_INSTALLER.exe (verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (verified) Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (verified) Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (verified) Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll (verified) Java Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (verified) Messenger C:\Program Files\Messenger\msmsgs.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll (verified) NPSWF32_11_3_300_257.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll (verified) Photo Uploader C:\WINDOWS\Downloaded Program Files\UploaderX.dll (verified) PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll (verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll (verified) RealPlayer Download and Record Plugin C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (verified) RealPlayer Download Plugin C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (verified) RealPlayer Download Plugin c:\program files\real\realplayer\Netscape6\nprpplugin.dll (verified) RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (verified) RealPlayer G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll (verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll (verified) Windows Presentation Foundation 
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll (verified) Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll Scan ---- No file uploaded. 
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.14 KB recvd
Scanned 628 files and modules - 127 seconds
==============================================================================

Step 6

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Frank Liu [Admin rights]
Mode: Scan -- Date: 08/23/2012 14:51:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1604N +++++
--- User ---
[MBR] 62f07d074c1ea5a4720fffc1fdfa7219
[bSP] 709a9d4529d10caafc13093f815046ab : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST3400620A +++++
--- User ---
[MBR] da750aa383971399d9e72eebdb803397
[bSP] ab891c45853e9ceb9a74972a00a05374 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1008 | Size: 190720 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 390595968 | Size: 190831 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SAMSUNG HD103SI USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[bSP] 3a263ec662f61a27d74cd7a536bc3337 : TestDisk MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Should have all txt files as you mentioned. Please kindly let me know if anything is needed. Thank you again for your help. Planoguy
  7. Thanks for your quick response. I ran the first 4 steps with three reports, log.txt, info.txt and checkup.txt, as follows. Will now run step 5 and attach additional reports in the next reply.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Frank Liu at 2012-08-23 14:21:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 1471 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:21:09 PM, on 2012/8/23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Frank Liu\Desktop\chrome\RSIT.exe
C:\Program Files\trend micro\Frank Liu.exe

O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://update.microsoft.com O15 - Trusted Zone: http://windowsupdate.microsoft.com O15 - Trusted Zone: http://my.yahoo.com O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/69.10/uploader2.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - 
http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. 
- C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7731 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default

prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
  8. Hi Maurice, thanks for your help. Ran through 7 steps and here are the reports:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Frank Liu at 2012-08-23 10:01:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 1471 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:23 AM, on 2012/8/23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Frank Liu\Desktop\RSIT.exe
C:\Program Files\trend micro\Frank Liu.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - 
{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://update.microsoft.com O15 - Trusted Zone: http://windowsupdate.microsoft.com O15 - Trusted Zone: http://my.yahoo.com O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/69.10/uploader2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - 
C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. 
- C:\Program Files\MozyHome\mozybackup.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 7626 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job C:\WINDOWS\tasks\MpIdleTask.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"
  9. Running Windows XP Home Edition, I have IE, Firefox, and Chrome. Starting yesterday, I cannot log on using Chrome. (IE and Firefox are OK.) After a while the msg says "application not responding". I googled for a solution to no avail. Removed and re-installed the latest Chrome. Same problem. Ran Malwarebytes, no malware found. Please help. Planoguy

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Frank Liu at 8:09:54 on 2012-08-23
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.716 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/ uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - 
c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: citi.com\creditcards
Trusted Zone: itcu.org\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: yahoo.com\my
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/69.10/uploader2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28982DB9-15B5-4F68-97C1-B14F8846B433} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\frank liu\application data\mozilla\firefox\profiles\bqdxhci7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\frank liu\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 MpKsld3b8646b;MpKsld3b8646b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys [2012-8-23 29904]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-19 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-16 655944]
R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-16 22344]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009-11-21 19384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2011-7-23 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 QianCaiHid;QianCai Handwriter Device;c:\windows\system32\drivers\HidKeyboard.sys [2010-12-14 6400]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
.
=============== Created Last 30 ================
.
2012-08-23 13:03:42 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\offreg.dll
2012-08-23 12:55:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys
2012-08-23 03:54:56 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\mpengine.dll
2012-08-22 02:46:26 -------- d-----r- c:\program files\Skype
2012-08-22 02:39:48 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-22 02:39:18 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-08-22 02:39:18 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-22 02:39:01 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-08-22 02:36:11 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-08-22 02:36:11 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2012-08-22 02:36:11 3599000 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-08-22 02:36:10 490008 ----a-w- c:\windows\system32\LVUI2.dll
2012-08-22 02:36:10 19344 ----a-w- c:\windows\system32\Repository.reg
2012-08-22 02:36:10 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2012-08-22 02:36:09 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-08-22 02:36:09 22296 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2012-08-22 02:36:09 195096 ----a-w- c:\windows\system32\lvci1110.dll
2012-08-01 15:50:43 -------- d-----w- c:\program files\BETV
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-22 02:30:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 02:30:42 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 03:46:45 60 ----a-w- c:\windows\wpd99.drv
2012-07-16 16:47:48 12562920 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-17 14:33:44 12557904 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-07 03:57:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-07 03:57:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2010-07-14 15:56:00 417944 ----a-w- c:\program files\common files\ZugoInstaller.exe
2010-05-09 05:14:38 5387 ----a-w- c:\program files\apply.cmd
2010-04-24 04:33:58 911800 ----a-w- c:\program files\amtlib.dll
.
============= FINISH: 8:10:31.46 ===============</local>
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2009/11/15 1:13:34 PM
System Uptime: 2012/8/23 7:52:28 AM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7119
Processor: AMD Sempron 3000+ | Socket A | 1991/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 95.06 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 62.031 GiB free.
F: is FIXED (NTFS) - 186 GiB total, 91.883 GiB free.
J: is FIXED (NTFS) - 932 GiB total, 673.123 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
==== Installed Programs ======================
.
.
"Nero SoundTrax Help 1Click DVD Copy 5.0.2.9 7-Zip 4.65 ACDSee 8 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Advertising Center Any Video Converter 3.3.4 Audacity 1.2.6 Auslogics Duplicate File Finder BETV 1.6.0.7 Canon Easy-PhotoPrint EX Canon IJ Network Tool Canon MP Navigator EX 4.0 Canon MP495 series MP Drivers Canon MP495 series User Registration Canon My Printer Canon Solution Menu EX CCleaner Chinese (Traditional) Language Support Compatibility Pack for the 2007 Office system Cookienator CopyToDVD DolbyFiles DVD43 v4.6.0 eReg ffdshow Firebird SQL Server - MAGIX Edition (US) Google Chrome Google Earth Plug-in Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ImagXpress InCD Help Intel® PRO Network Adapters and Drivers Iomega QuikProtect Java Auto Updater Java 6 Update 29 Knoll Light Factory EZ Studio Logitech QuickCam Logitech SetPoint 6.15 Logitech® Camera 驅動程式 Malwarebytes Anti-Malware version 1.62.0.1300 Menu Templates - Starter Kit Meritline EZ Label Xpress 3.5 Lite Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting 
Microsoft Chinese Date & Time Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Windows Journal Viewer Microsoft Windows XP Video Decoder Checkup Utility Microsoft XML Parser Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Movie Templates - Starter Kit Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MozyHome MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MVision NCH 
Toolbox Nero 9 Nero Burning ROM Help Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero Vision Help Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress NeroLiveGadget NeroLiveGadget Help neroxml NVIDIA Drivers Office Tab Free Edition 8.00 Pdf995 Penpower Jr. Picasa 3 RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Revo Uninstaller 1.92 SanDiskSecureAccess_Manager.exe Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 
(KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update 
for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) 
Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for 
.
==== Event Viewer Messages From Past Week ========
.
2012/8/22 5:52:07 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
2012/8/19 9:01:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELLFROMYC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28982DB9-15B5-4F6. The master browser is stopping or an election is being forced.
2012/8/19 7:14:24 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELLFROMYC.
2012/8/19 6:53:44 PM, error: NetBT [4321] - The name "CHAPTER 8 :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine.
2012/8/18 11:15:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8}
.
==== End Of File ===========================
  10. I should have said "Same problem" after I re-installed Chrome.
  11. I use Windows XP Home Edition. I have IE, Firefox, and Chrome. IE and Firefox are running without problem. But cannot use Chrome. Msg is application time out. Removed Chrome, re-installed it. Some problem. Google searched. It seems to be a malware problem. Ran Malwarebytes. No problem found. But still cannot start Chrome. Please help. Planoguy
  12. Have not heard back from you since my last posting of the logs. May I assume that my system is "clean" now? Please let me know. Thank you very much for your help in solving the problem of 'certificate error' and helping to make my system work much better. Let me know if there is anything I can and should do. Planoguy
  13. OK. I reset IE, re-booted the system. Ran dds.scr. Please find the two logs. As a matter of fact, after I sent the reply to you saying that there were solid black "bars" when opening IE, I powered off the system. Later on, when I re-started, the black bars were gone. Things are back to normal. But, anyway, I reset IE, re-booted, ran dds.scr as per your instruction. In the meantime, Alex_computer, a 'true_member', said I should re-enable the MS AntiMalware Service. I went back to msconfig, services, found that it was not stopped. I guess it cannot be stopped manually. Attach 3_06.txt DDS 3_06.txt
  14. Want to clarify one thing. I did not disable NvCpl, mbamgui, and ctfmon. They are kept "enabled". Anything other than these are disabled.
  15. Just want to let you know what I have done since last report. Removed Desktop Maestro, Iolo, SuperAntiSpyware. Ran wbemtest again, found one entry of MSE, deleted it. No more anti-virus program. Downloaded/installed MSE. Updated it to avoid conflict with Malwarebytes (per Malwarebytes forum). Ran msconfig, "startup". Disabled all, except NvCpl, mbamgui, and ctfmon (don't really understand what they are). Under "services" stopped all non-MS services, except mbamservice, mozyhome (I use this for on-line file back-up), and nvidia display driver. I found MS Antimalware service there. It is stopped. After all these actions, a new problem came up. When I use IE log-on, the tool bar, address bar, manual bar (those bars on top of the page) are all solid black. (Firefox does not have this problem.) Any suggestions? Am I doing the right things? What shall I do now? Really depend on your advice to clean up the system. Thank you.