planoguy Posted August 23, 2012 (edited)

Running Windows XP Home Edition, I have IE, Firefox, and Chrome. Starting yesterday, I cannot log on using Chrome (IE and Firefox are OK). After a while the message says "application not responding". I googled for a solution to no avail. I removed and reinstalled the latest Chrome. Same problem. I ran Malwarebytes, no malware found.

Please help.

Planoguy
XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371-v2)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974455)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update 
for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Skype? 5.10Sony DVD Architect Studio 4.5SoundTraxUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit EditionUpdate for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB978506)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Vegas Movie Studio 9.0VLC media player 1.1.11WebFldrs XPWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3XP Codec PackYahoo! Software UpdateYahoo! 
Toolbar.==== Event Viewer Messages From Past Week ========.2012/8/22 5:52:07 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.2012/8/19 9:01:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELLFROMYC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28982DB9-15B5-4F6. The master browser is stopping or an election is being forced.2012/8/19 7:14:24 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELLFROMYC.2012/8/19 6:53:44 PM, error: NetBT [4321] - The name "CHAPTER 8 :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine.2012/8/18 11:15:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8}.==== End Of File =========================== Edited August 23, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 23, 2012 ID:589137

Hello planoguy,

Step 1
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later).
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked.
6. Press OK.
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer. From the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under the column Hidden files and folders, choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next, un-check Hide protected operating system files.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
Run Security Check.
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.
Start Internet Explorer.
Using Internet Explorer browser only, go to the BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button.
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-window.
Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6
Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Click on Scan.
Click on Report and copy/paste the content of the notepad into your next reply.

Step 7
RE-Enable your antivirus program.
Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.
Use separate replies as needed if logs do not fit into one reply box.
planoguy Posted August 23, 2012 Author ID:589170 (edited)

Hi Maurice

Thanks for your help. Run thru 7 steps and here are the reports

Edited August 23, 2012 by Maurice Naggar
Maurice Naggar Posted August 23, 2012 ID:589174

@Planoguy

The RSIT log looks short.
I cannot tell if you ran the other steps that I outlined. Tell me which you completed.
and
I doubt you had the time yet to complete the BitDefender scan.

BE AWARE:
Use only NOTEPAD to Copy ALL Lines of report(s) and then to Paste all into each reply.
In NOTEPAD make sure you have turned off Word wrap.
planoguy Posted August 23, 2012 Author ID:589249

Thanks for your quick response. I run first 4 steps with three reports log.txt, info.txt and checkup.txt as follows. Will now run step 5 and attach additional reports in next reply.
planoguy Posted August 23, 2012 Author ID:589250

Here is the start of step 5 thru 7

Should have all txt files as you mentioned. Please kindly let me know if anything needed. Thank you again for your help.

Planoguy
Maurice Naggar Posted August 24, 2012 ID:589450

These steps are for planoguy only. If you are a casual viewer, do NOT try this on your system!
If you are not planoguy and have a similar problem, do NOT post here; start your own topic.
The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!
You will want to print out or copy these instructions to Notepad for Safe offline reference!

Let's have you do the following:

Step 1
Disable CD-ROM Emulation Software:
Please download the following tool DeFogger to your desktop.
◦ Double click DeFogger to run the tool.
◦ The application window will appear
◦ Click the Disable button to disable your CD Emulation drivers.
◦ Click Yes to continue
◦ A 'Finished!' message will appear
◦ Click OK
◦ DeFogger will now ask to reboot the machine - click OK
◦ IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
◦ Do not re-enable these drivers until otherwise instructed.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3
Logoff and Restart the system fresh.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!
Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.
If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power).

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.
Link 1
Link 2
* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on Combo-Fix.exe, accept the EULA & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message "Illegal operation attempted on registry key that has been marked for deletion", please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.
[2] Do not mouseclick combofix's window nor run any program while Combofix is running. That may cause it to stall.
[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & attach the C:\Combofix.txt log and tell me, How is the system now?
RE-Enable your AntiVirus and AntiSpyware applications.
planoguy Posted August 24, 2012 Author ID:589567

Hi Maurice

I run through all the steps but the problem is still there. Google Chrome can not be started. I tried to attach Combofix log but got an error msg saying that the file is too long. I will send you the log file in four separate posts.

First one
planoguy Posted August 24, 2012 Author ID:589575

Part 3 (last one).
Maurice Naggar Posted August 24, 2012 ID:589645

Trojan warning: TDL3

This system has some serious backdoor trojans. TDL3

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information:

What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

IF you decide to attempt cleaning, then start with the following.

Run RKILL one more time.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Close any/all open internet browsers. Save any open documents you have open & close programs you started.

Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon

On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon

Once the Help file opens, click on a Chameleon button (starting with #1)

If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.

You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top

Press any key to continue as it says in the window {space-bar will do}

If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).

Have infinite patience during this process

Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible

Once the update completes and it says your database is updated, click on OK button so that process can continue

Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.

After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan

A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.

Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected

If prompted to restart your computer to complete the removal process, click Yes

If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.

After your computer restarts, open Malwarebytes Anti-Malware and perform one last FULL scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.
planoguy Posted August 24, 2012 Author ID:589696

Hi Maurice:

Too bad to learn that my system is hacked by a trojan. (I am using another system to communicate with you right now.)

I think I like to clean the system completely. Can you give me the steps to completely reformat the hard drives and reinstall Windows fresh? What about the external drive? Is that external drive safe to use after reinstall the Windows?

Too bad to have this problem. On the other hand, thank you for finding out the problem for me and hope the damage is minimized as soon as possible.

Planoguy
Maurice Naggar Posted August 25, 2012 ID:589792

If you have the Windows XP CD, you would use that to boot from and in the initial steps you would delete the Windows partition as the first step, then load Windows fresh. You'd have to set the pc to boot from the CD as the first boot device.

IF your pc did not come with a Windows CD, your pc manufacturer likely has a factory restore partition on the HDD. You need to check with your pc manufacturer on the procedures and sequence.

I will not be guiding you on the factory restore process.

The following is a very general outline:

Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will lose your documents so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, since they will be outdated & of no use. Install your antivirus immediately after.

Other security references at Microsoft

4 steps to protect your computer
How to boost your malware defense and protect your PC

Good wishes to you.
planoguy Posted August 25, 2012 Author ID:589905

Thank you, Maurice. I do have windows xp CD. I will start from there.

Couple of more questions. In addition to the C Drive, I have another internal drive designated as E and F (two logical partitions), and an external drive. All of them are data files. Do I un-plug them before starting re-install XP? How do I make sure they are not infected? Can virus, trojans, etc. be in a data file? If they can, how to remove them?

Planoguy
Maurice Naggar Posted August 25, 2012 ID:589912

If you have external drives, you will want to unplug them before re-installing Windows.

IF you have logical partitions on your HDD, leave them be. I am assuming your Windows is on C:

You can scan your files with your antivirus & MBAM & with some of the following online scanners (listed below).

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update and install any Critical Updates offered.

Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html

Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:

ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan

See Six tips to help you stay safer online

Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.