[RESOLVED] my win xp desktop giving me problems.


23 replies to this topic

#1 ProblemsRBad

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 12:11 PM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 09 January 2012 - 05:44 PM

Yeah, it's messed up, lol. Here are some logs. I can't get GMER to run (it freezes the PC), but I got the others.




Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Homie :: DANDT [administrator]

Protection: Enabled

1/5/2012 4:28:45 PM
mbam-log-2012-01-05 (16-28-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168581
Time elapsed: 21 minute(s), 38 second(s)

Memory Processes Detected: 1
C:\WINDOWS\mstwain32.exe (Trojan.Agent) -> 1116 -> Delete on reboot.

Memory Modules Detected: 2
c:\windows\ntdtcstp.dll (Backdoor.Turkojan) -> Delete on reboot.
c:\windows\cmsetac.dll (Backdoor.Turkojan) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mstwain32 (Trojan.Agent) -> Data: C:\WINDOWS\mstwain32.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SYSTEM|klg (Trojan.Backdoor) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|chmodder (Trojan.Agent) -> Data: C:\WINDOWS\system32:chmodder.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SYSTEM|nck (Trojan.Backdoor) -> Data: ™^°füd‚T½ç[g -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
c:\windows\ntdtcstp.dll (Backdoor.Turkojan) -> Delete on reboot.
c:\windows\cmsetac.dll (Backdoor.Turkojan) -> Delete on reboot.
c:\documents and settings\homie\local settings\temp\sprut .exe (HackTool.DOS) -> Quarantined and deleted successfully.
c:\documents and settings\homie\local settings\temp\sprut.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\mstwain32.exe (Trojan.Agent) -> Delete on reboot.

(end)


---------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-09 11:45:27
-----------------------------
11:45:27.750 OS Version: Windows 5.1.2600 Service Pack 3
11:45:27.750 Number of processors: 1 586 0xA00
11:45:27.765 ComputerName: DANDT UserName: Homie
11:45:30.843 Initialize success
11:47:31.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
11:47:31.328 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
11:47:31.328 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064
11:47:31.328 Disk 1 Vendor: ST3250623A 3.04 Size: 238475MB BusType: 3
11:47:31.343 Disk 0 MBR read successfully
11:47:31.343 Disk 0 MBR scan
11:47:31.343 Disk 0 Windows XP default MBR code
11:47:31.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
11:47:31.359 Disk 0 scanning sectors +156280320
11:47:31.484 Disk 0 scanning C:\WINDOWS\system32\drivers
11:47:38.781 Service scanning
11:47:40.093 Modules scanning
11:47:54.078 Disk 0 trace - called modules:
11:47:54.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
11:47:54.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89745ab8]
11:47:54.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x89747f18]
11:47:54.125 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\00000063[0x89747030]
11:47:54.125 Scan finished successfully
11:52:53.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Homie\Desktop\MBR.dat"
11:52:53.046 The log file has been saved successfully to "C:\Documents and Settings\Homie\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Homie at 11:53:03 on 2012-01-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.853 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyServer = 24.101.245.31:1690
uInternet Settings,ProxyOverride = local
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Facebook Update] "c:\documents and settings\homie\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [mstwain32] c:\windows\mstwain32.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [POINTER] point32.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VilonguLSP.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B2EE4B51-E398-48D8-9A98-226FC3C3B1EB} : DhcpNameServer = 192.168.1.1
mASetup: {57245E09-B482-9B38-A691-E9F3D9E60B47} - c:\windows\system32:chmodder.exe
mASetup: {9B52D821-F96D-47BA-0139-DA5209F74294} - c:\windows\system32\system\System.exe s
Hosts: 68.180.210.34 vc.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\homie\application data\mozilla\firefox\profiles\i5j8okm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\homie\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-24 652872]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2002-1-16 218688]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2007-3-22 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-24 20464]
S0 bwykmnm;bwykmnm;c:\windows\system32\drivers\wycgyb.sys --> c:\windows\system32\drivers\wycgyb.sys [?]
S0 cdbfwy;cdbfwy;c:\windows\system32\drivers\bhxfynki.sys --> c:\windows\system32\drivers\bhxfynki.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== File Associations ===============
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2011-12-31 05:52:32 229376 ----a-w- c:\windows\system32\xTab.ocx
2011-12-31 05:52:30 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-12-31 05:52:28 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-12-31 05:52:26 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-12-31 05:52:25 422088 ----a-w- c:\windows\system32\crylic70.ocx
2011-12-31 05:52:25 1062704 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-12-31 05:52:24 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-12-31 05:52:23 609584 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-12-30 20:39:16 -------- d-----w- c:\documents and settings\homie\local settings\application data\Save-EE
2011-12-30 20:37:26 -------- d-----w- c:\documents and settings\homie\application data\Save-EE
2011-12-28 17:18:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-28 17:18:53 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-28 17:08:02 -------- d-----w- c:\program files\Apoint
2011-12-28 08:31:27 36992 ----a-w- c:\windows\system32\drivers\sfman.sys
2011-12-28 08:31:24 777472 ----a-w- c:\windows\system32\drivers\emu10k1f.sys
2011-12-28 08:31:21 6912 ----a-w- c:\windows\system32\drivers\ctlface.sys
2011-12-28 08:26:28 32768 ----a-w- c:\windows\system32\udaprop.dll
2011-12-28 08:26:28 1458176 ----a-w- c:\windows\system\SmWizard.exe
2011-12-28 08:26:27 821760 ----a-w- c:\windows\system32\drivers\cmuda.sys
2011-12-28 08:26:27 28672 ----a-w- c:\windows\system32\cmirmdrv.dll
2011-12-28 08:26:27 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2011-12-28 08:26:27 163840 ----a-w- c:\windows\system32\cmuda.dll
2011-12-28 08:26:26 917504 ----a-w- c:\windows\system\cmids3d.dll
2011-12-28 08:26:26 712704 ----a-w- c:\windows\system32\Audio3D.dll
2011-12-28 08:26:26 59392 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-12-28 08:26:26 59392 ----a-w- c:\windows\system32\a3d.dll
2011-12-28 08:25:03 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-28 08:24:52 215656 ----a-w- c:\windows\system32\NVCOSMB.DLL
2011-12-28 06:46:40 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-12-28 06:46:23 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-12-28 04:59:15 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-12-28 04:59:05 -------- d-----w- c:\documents and settings\homie\application data\Uniblue
2011-12-28 04:58:31 -------- d-----w- c:\program files\Uniblue
.
==================== Find3M ====================
.
2011-12-31 04:06:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-12-31 04:06:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-12-31 04:06:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-12-29 14:56:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 08:31:27 51200 ----a-w- c:\windows\system32\sfman32.dll
2011-12-28 08:31:26 495616 ----a-w- c:\windows\system32\sblfx.dll
2011-12-28 08:31:23 25600 ----a-w- c:\windows\system32\devldr32.exe
2011-12-28 08:31:22 352256 ----a-w- c:\windows\system32\devcon32.dll
2011-12-28 08:31:21 3584 ----a-w- c:\windows\system32\ctwdm32.dll
2011-12-28 06:46:23 21520 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:05:38 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:22:34 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 13:34:49 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 11:54:44.00 ===============

-----------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2011 1:45:26 PM
System Uptime: 1/9/2012 11:42:40 AM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon™ | Socket A | 1094/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 57.651 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 223.388 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: C-Media AC97 Audio Device
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&30
Manufacturer: C-Media
Name: C-Media AC97 Audio Device
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&30
Service: cmuda
.
==== System Restore Points ===================
.
RP154: 12/27/2011 10:28:55 PM - Software Distribution Service 3.0
RP155: 12/28/2011 1:45:56 AM - DriverScanner - 12/28/2011 1:45:51 AM
RP156: 12/28/2011 1:46:40 AM - Installed Windows XP Wdf01009.
RP157: 12/28/2011 3:23:53 AM - DriverScanner - 12/28/2011 3:23:47 AM
RP158: 12/28/2011 3:25:50 AM - DriverScanner - 12/28/2011 3:25:46 AM
RP159: 12/28/2011 3:26:21 AM - DriverScanner - 12/28/2011 3:26:18 AM
RP160: 12/28/2011 3:31:09 AM - DriverScanner - 12/28/2011 3:31:04 AM
RP161: 12/28/2011 3:37:08 AM - DriverScanner - 12/28/2011 3:37:03 AM
RP162: 12/28/2011 3:41:18 AM - DriverScanner - 12/28/2011 3:41:15 AM
RP163: 12/28/2011 3:41:42 AM - DriverScanner - 12/28/2011 3:41:39 AM
RP164: 12/28/2011 3:41:58 AM - DriverScanner - 12/28/2011 3:41:54 AM
RP165: 12/28/2011 11:57:07 AM - Unsigned driver install
RP166: 12/28/2011 12:07:43 PM - DriverScanner - 12/28/2011 12:07:37 PM
RP167: 12/28/2011 12:18:21 PM - Restore Operation
RP168: 12/29/2011 3:06:37 PM - System Checkpoint
RP169: 12/30/2011 4:40:44 PM - System Checkpoint
RP170: 12/31/2011 4:46:20 AM - Installato Empire Earth - The Art of Conquest
RP171: 12/31/2011 4:53:39 AM - Installed Empire Earth Patch 1.0.4.0
RP172: 12/31/2011 5:10:09 AM - Rimosso Empire Earth - The Art of Conquest
RP173: 12/31/2011 11:47:36 AM - Installed Empire Earth - The Art of Conquest
RP174: 1/1/2012 10:05:52 PM - System Checkpoint
RP175: 1/3/2012 12:03:46 PM - System Checkpoint
RP176: 1/4/2012 5:22:18 PM - System Checkpoint
RP177: 1/6/2012 1:23:04 PM - System Checkpoint
RP178: 1/7/2012 1:51:16 PM - System Checkpoint
RP179: 1/8/2012 4:19:28 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
C-Media WDM Audio Driver
Camfrog Video Chat 6.1
ClubWPT
DAEMON Tools Lite
Dark Age of Camelot - Labyrinth of the Minotaur
DC Universe Online Live
DriverMax 4
Empire Earth
Empire Earth - The Art of Conquest
EPSON NX300 Series Printer Uninstall
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8953
Forum Proxy Leecher 1.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Installer
Java Auto Updater
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.60.0.1800
ManyCam 2.6.55 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 4.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
NVIDIA Drivers
Panda Cloud Antivirus
S.W.A.T. 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.5
Snagit 10.0.1
SWAT 4 - The Stetchkov Syndicate
Tencent QQ
Tor 0.2.2.32
Uniblue DriverScanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vidalia 0.2.14
Vilongu HTTP SOCKS tunneler 1.0.0
VLC media player 1.1.10
Vuze
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
WinRAR 4.00 (32-bit)
WSOP-USA.com
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 10:16:38 AM, error: Print [19] - Sharing printer failed + 1722, Printer Snagit 10 share name Printer.
1/5/2012 6:48:32 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 4:54:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi nv_agp PCIIde
1/5/2012 4:53:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/4/2012 6:51:47 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2012 8:28:43 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
1/3/2012 11:53:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/3/2012 11:23:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/3/2012 11:08:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/3/2012 10:26:14 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 10:26:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/3/2012 10:25:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
.
==== End Of File ===========================
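Added triage script (not part of the original post, and not from DDS, Malwarebytes or any other tool named in this thread): it reads the autorun and network lines of a DDS "Pseudo HJT Report" plus the SERVICES / DRIVERS list and flags the items a malware helper would zero in on in the log above: the IE proxy pointing at an outside address, the third-party Winsock LSP, the Active Setup entry whose image is an NTFS alternate data stream attached to the system32 directory (the `system32:chmodder.exe` path Malwarebytes also hit in the Run key), the Hosts override for vc.yahoo.com, the autorun dropped straight into the Windows root, and the two S0 boot-start drivers whose files are missing. The sample input is a hand-copied subset of the DDS log posted above; the regular expressions and the heuristics are my own reading of the DDS line format, not a documented grammar, and a hit only means "look here", not "malicious".

```python
"""Triage the autorun/network lines of a DDS 'Pseudo HJT Report' and the
SERVICES / DRIVERS list. Added example; the line formats below are my reading
of the DDS output posted above, not a documented grammar."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str   # short category used for counting/sorting
    line: str   # the DDS line that triggered the finding
    note: str   # why a malware helper would look at it


# Drive-rooted path with a second colon that is not followed by a backslash,
# e.g. c:\windows\system32:chmodder.exe: an NTFS alternate data stream attached
# to the system32 directory, which dir and Explorer do not list.
ADS_RE = re.compile(r"^[a-z]:\\[^:\s]+:[^\\\s:]+$", re.I)
# An .exe sitting directly in the Windows root rather than system32 or Program Files.
WINROOT_EXE_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.I)
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ASETUP_RE = re.compile(r"^mASetup: (?P<guid>\{[^}]+\}) - (?P<cmd>.*)$")
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<name>[^;]*);(?P<path>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Constructed sample: a hand-copied subset of the DDS log in the post above.
SAMPLE_DDS = r"""
uStart Page = my.daemon-search.com
uInternet Settings,ProxyServer = 24.101.245.31:1690
uInternet Settings,ProxyOverride = local
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mstwain32] c:\windows\mstwain32.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [POINTER] point32.exe
LSP: c:\windows\system32\VilonguLSP.dll
mASetup: {57245E09-B482-9B38-A691-E9F3D9E60B47} - c:\windows\system32:chmodder.exe
mASetup: {9B52D821-F96D-47BA-0139-DA5209F74294} - c:\windows\system32\system\System.exe s
Hosts: 68.180.210.34 vc.yahoo.com
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-24 20464]
S0 bwykmnm;bwykmnm;c:\windows\system32\drivers\wycgyb.sys --> c:\windows\system32\drivers\wycgyb.sys [?]
S0 cdbfwy;cdbfwy;c:\windows\system32\drivers\bhxfynki.sys --> c:\windows\system32\drivers\bhxfynki.sys [?]
"""


def image_path(cmd: str) -> str:
    """Return the executable part of a Run / Active Setup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage_dds(text: str) -> list[Finding]:
    """Walk the log once and return the lines worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("uInternet Settings,ProxyServer"):
            findings.append(Finding("proxy", line,
                "IE traffic is routed through a proxy; confirm the user configured it"))
        elif line.startswith("LSP:"):
            findings.append(Finding("lsp", line,
                "third-party Winsock LSP sees every socket; verify the publisher"))
        elif (m := HOSTS_RE.match(line)) and m["ip"] not in ("127.0.0.1", "::1"):
            findings.append(Finding("hosts", line,
                f"{m['host']} is pinned to {m['ip']}; DNS is bypassed for that name"))
        elif m := ASETUP_RE.match(line):
            note = "Active Setup stub re-runs at every user logon"
            if ADS_RE.match(image_path(m["cmd"])):
                note += "; image is an NTFS alternate data stream"
            findings.append(Finding("active-setup", line, note))
        elif m := RUN_RE.match(line):
            path = image_path(m["cmd"])
            if ADS_RE.match(path):
                findings.append(Finding("run-ads", line,
                    "autorun image hidden in an alternate data stream"))
            elif WINROOT_EXE_RE.match(path):
                findings.append(Finding("run-winroot", line,
                    "autorun image dropped directly in %windir%"))
        elif (m := DRIVER_RE.match(line)) and m["start"] == "S0" and m["path"].endswith("[?]"):
            findings.append(Finding("driver-missing", line,
                "boot-start driver still registered but its file is gone"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind:<14}] {f.line}\n{'':16}{f.note}")
```

Run it as-is to see the eight hits from the sample, or feed it the full text of a DDS.txt via `triage_dds(open("DDS.txt").read())`. The ADS check is the one worth remembering: Windows XP's `dir` never shows a `system32:chmodder.exe` stream, so an autorun pointing at one survives a casual look through the folder, which is why both the Run value and the Active Setup stub here reference the same stream.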

#2 Broni Re: [RESOLVED] my win xp desktop giving me problems.

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 10:11 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 11h 50m 50s

Posted 09 January 2012 - 06:53 PM

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================================

Same computer we cleaned up last month?

What are the current issues?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#3 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 09 January 2012 - 08:25 PM

Ok, Now I am posting from my laptop. We are working with my own desktop pc at home. Before I ran Malwarebytes, when I booted up the system loaded into windows my Panda Cloud would quarentine a trojan and then ask me to reboot so I did. But every time I loaded back Panda Cloud would do the same thing with the same trojan asking me to reboot. After running Malwarebytes and having it find and clean, this issue went away.

So now today, my internet seems to be getting attacked, as I will lose connection a lot. Also, when I am watching my cable TV on any channel, about every 3 or 4 minutes the channel will pause and show a black screen for about 3 seconds and then come back.

Also, when I downloaded ComboFix on my desktop, it took about 30 minutes to download, but I managed to get it downloaded and now it's running. It is taking forever to install the system recovery tool, but it seems to be going in slowly, so I am just letting it do its thing.

So with all that said, I think my internet is being monitored by some attacker and possibly being DoS'ed. I can change my IP address by changing my router MAC address and rebooting the modem and router, but this doesn't seem to work.

How can I stop this?

Also, I will get the ComboFix log up as soon as it finishes. Right now it's stuck installing the Recovery Console at 37.1%.

#4 ProblemsRBad

Posted 09 January 2012 - 08:35 PM

ComboFix is showing an error box:

Failed to download required files. Aborting ...
Shall continue scanning for malware.

So I clicked OK. I will get the log up when it's done.

#5 ProblemsRBad

Posted 09 January 2012 - 08:50 PM

Well, the system rebooted and loaded up, but ComboFix never finished. My buddy just stopped over with his new desktop PC; we need to head to the store and grab an HDMI cable for him and go back to his house so I can help him set his system up. I will leave my desktop running while I'm gone in hopes of seeing a ComboFix log when I return home. LoL. I will be back in about 2 hours or so.

#6 Broni


Posted 09 January 2012 - 09:09 PM

Try to run it from Safe Mode with Networking.

#7 ProblemsRBad


Posted 10 January 2012 - 02:30 AM

Got it in Safe Mode, though it took forever. I did not use Rkill.

ComboFix 12-01-09.06 - Administrator 01/09/2012 21:09:26.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.924 [GMT -5:00]
Running from: c:\documents and settings\Homie\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SCLabel.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 00:34 . 2012-01-10 00:34 -------- d-----w- c:\documents and settings\Administrator.DANDT
2011-12-31 05:52 . 2011-12-03 08:20 229376 ----a-w- c:\windows\system32\xTab.ocx
2011-12-31 05:52 . 1998-06-17 18:30 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-12-31 05:52 . 1998-06-23 18:30 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-12-31 05:52 . 1998-06-23 18:30 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-12-31 05:52 . 2011-10-28 08:18 422088 ----a-w- c:\windows\system32\crylic70.ocx
2011-12-31 05:52 . 1998-06-25 18:30 1062704 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-12-31 05:52 . 1998-06-23 18:30 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-12-31 05:52 . 1998-06-23 18:30 609584 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-12-28 17:18 . 2011-12-28 17:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-28 17:08 . 2011-12-28 17:18 -------- d-----w- c:\program files\Apoint
2011-12-28 08:31 . 2011-12-28 08:31 36992 ----a-w- c:\windows\system32\drivers\sfman.sys
2011-12-28 08:31 . 2011-12-28 08:31 777472 ----a-w- c:\windows\system32\drivers\emu10k1f.sys
2011-12-28 08:31 . 2011-12-28 08:31 6912 ----a-w- c:\windows\system32\drivers\ctlface.sys
2011-12-28 08:26 . 2011-12-28 08:26 32768 ----a-w- c:\windows\system32\udaprop.dll
2011-12-28 08:26 . 2011-12-28 08:26 1458176 ----a-w- c:\windows\system\SmWizard.exe
2011-12-28 08:26 . 2011-12-28 08:26 821760 ----a-w- c:\windows\system32\drivers\cmuda.sys
2011-12-28 08:26 . 2011-12-28 08:26 28672 ----a-w- c:\windows\system32\cmirmdrv.dll
2011-12-28 08:26 . 2011-12-28 08:26 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2011-12-28 08:26 . 2011-12-28 08:26 163840 ----a-w- c:\windows\system32\cmuda.dll
2011-12-28 08:26 . 2011-12-28 08:31 59392 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-12-28 08:26 . 2011-12-28 08:31 59392 ----a-w- c:\windows\system32\a3d.dll
2011-12-28 08:26 . 2011-12-28 08:26 917504 ----a-w- c:\windows\system\cmids3d.dll
2011-12-28 08:26 . 2011-12-28 08:26 712704 ----a-w- c:\windows\system32\Audio3D.dll
2011-12-28 08:25 . 2011-12-28 08:25 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-28 08:24 . 2011-12-28 08:24 215656 ----a-w- c:\windows\system32\NVCOSMB.DLL
2011-12-28 06:46 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-12-28 06:46 . 2011-12-28 06:46 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-12-28 04:59 . 2011-12-28 04:59 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-12-28 04:58 . 2011-12-28 04:58 -------- d-----w- c:\program files\Uniblue
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 04:06 . 2002-02-06 01:17 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-12-31 04:06 . 2002-02-06 01:17 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-12-31 04:06 . 2002-02-06 01:17 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-12-29 14:56 . 2002-01-17 20:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 08:31 . 2011-05-24 12:55 51200 ----a-w- c:\windows\system32\sfman32.dll
2011-12-28 08:31 . 2011-05-24 12:55 495616 ----a-w- c:\windows\system32\sblfx.dll
2011-12-28 08:31 . 2011-05-24 12:55 25600 ----a-w- c:\windows\system32\devldr32.exe
2011-12-28 08:31 . 2011-05-24 12:55 352256 ----a-w- c:\windows\system32\devcon32.dll
2011-12-28 08:31 . 2011-05-24 12:55 3584 ----a-w- c:\windows\system32\ctwdm32.dll
2011-12-28 06:46 . 2009-05-09 05:14 21520 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-12-10 20:24 . 2011-05-24 18:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:29 . 2009-07-14 19:40 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-07-14 19:40 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-14 19:40 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:05 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:22 . 2009-02-06 10:30 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 13:34 . 2009-07-14 19:38 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-02 11:02 . 2002-02-15 22:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-14 . 418A05EC487D63B84C87BE77279834E1 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON NX300 Series 1 on DANLT]
2008-01-22 05:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEJA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2011-05-16 07:34 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-09 07:19 13529088 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-09 07:19 86016 ----a-r- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vilongu HTTP SOCKS tunneler]
2008-10-15 02:36 50688 ----a-w- c:\program files\Vilongu HTTP SOCKS tunneler\Vilongu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"npggsvc"=3 (0x3)
"idsvc"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
"EPSON_EB_RPCV4_01"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QQ Chat\\QQIntl\\Bin\\QQ.exe"=
"d:\\Yahoo Stuff\\Yahoo Voice\\Revolution_Vox__crack_by_iraq_att\\Revolution Vox__crack by iraq_att\\Revolution Vox__crack by iraq_att.exe"=
"d:\\CamFrog Flooder\\SubsUPDFlooder\\SubsUPDFlooder\\SubsUPDFlooder\\SubsUPDFlooder.exe"=
"c:\\Documents and Settings\\Homie\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12880:TCP"= 12880:TCP:Utor
"12880:UDP"= 12880:UDP:utor2
"46169:TCP"= 46169:TCP:ut
"46169:UDP"= 46169:UDP:ut2
.
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/16/2002 2:53 PM 218688]
S0 bwykmnm;bwykmnm;c:\windows\system32\drivers\wycgyb.sys --> c:\windows\system32\drivers\wycgyb.sys [?]
S0 cdbfwy;cdbfwy;c:\windows\system32\drivers\bhxfynki.sys --> c:\windows\system32\drivers\bhxfynki.sys [?]
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 6:57 AM 129992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/24/2011 1:28 PM 652872]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 6:58 AM 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [8/1/2011 6:23 AM 143752]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 6:57 AM 97096]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 6:57 AM 111688]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 6:57 AM 112456]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [3/22/2007 7:17 AM 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/24/2011 1:28 PM 20464]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-12-28 19:43]
.
2012-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003Core.job
- c:\documents and settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-28 01:41]
.
2012-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003UA.job
- c:\documents and settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-28 01:41]
.
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\VilonguLSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Homie\Application Data\Mozilla\Firefox\Profiles\i5j8okm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-POINTER - point32.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-nwiz - nwiz.exe
HKLM_ActiveSetup-{57245E09-B482-9B38-A691-E9F3D9E60B47} - c:\windows\system32:chmodder.exe
HKLM_ActiveSetup-{9B52D821-F96D-47BA-0139-DA5209F74294} - c:\windows\system32\System\System.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\01\00\0d\00\1c\0e>"
.
Completion time: 2012-01-09 21:16:45
ComboFix-quarantined-files.txt 2012-01-10 02:16
.
Pre-Run: 63,153,901,568 bytes free
Post-Run: 63,220,375,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0CED38E866134DA004181263F87BB6D0

#8 Broni


Posted 10 January 2012 - 03:08 AM

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\wycgyb.sys
c:\windows\system32\drivers\bhxfynki.sys


Folder::

Driver::
bwykmnm
cdbfwy


Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt


#9 ProblemsRBad


Posted 10 January 2012 - 04:19 AM

This time ComboFix went a little faster.

ComboFix 12-01-09.07 - Homie 01/09/2012 22:58:47.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.854 [GMT -5:00]
Running from: c:\documents and settings\Homie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Homie\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
FILE ::
"c:\windows\system32\drivers\bhxfynki.sys"
"c:\windows\system32\drivers\wycgyb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bwykmnm
-------\Service_cdbfwy
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 00:34 . 2012-01-10 00:34 -------- d-----w- c:\documents and settings\Administrator.DANDT
2011-12-31 05:52 . 2011-12-03 08:20 229376 ----a-w- c:\windows\system32\xTab.ocx
2011-12-31 05:52 . 1998-06-17 18:30 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-12-31 05:52 . 1998-06-23 18:30 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-12-31 05:52 . 1998-06-23 18:30 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-12-31 05:52 . 2011-10-28 08:18 422088 ----a-w- c:\windows\system32\crylic70.ocx
2011-12-31 05:52 . 1998-06-25 18:30 1062704 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-12-31 05:52 . 1998-06-23 18:30 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-12-31 05:52 . 1998-06-23 18:30 609584 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-12-28 17:18 . 2011-12-28 17:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-28 17:08 . 2011-12-28 17:18 -------- d-----w- c:\program files\Apoint
2011-12-28 08:31 . 2011-12-28 08:31 36992 ----a-w- c:\windows\system32\drivers\sfman.sys
2011-12-28 08:31 . 2011-12-28 08:31 777472 ----a-w- c:\windows\system32\drivers\emu10k1f.sys
2011-12-28 08:31 . 2011-12-28 08:31 6912 ----a-w- c:\windows\system32\drivers\ctlface.sys
2011-12-28 08:26 . 2011-12-28 08:26 32768 ----a-w- c:\windows\system32\udaprop.dll
2011-12-28 08:26 . 2011-12-28 08:26 1458176 ----a-w- c:\windows\system\SmWizard.exe
2011-12-28 08:26 . 2011-12-28 08:26 821760 ----a-w- c:\windows\system32\drivers\cmuda.sys
2011-12-28 08:26 . 2011-12-28 08:26 28672 ----a-w- c:\windows\system32\cmirmdrv.dll
2011-12-28 08:26 . 2011-12-28 08:26 233472 ----a-w- c:\windows\system32\cmirmdrv.exe
2011-12-28 08:26 . 2011-12-28 08:26 163840 ----a-w- c:\windows\system32\cmuda.dll
2011-12-28 08:26 . 2011-12-28 08:31 59392 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-12-28 08:26 . 2011-12-28 08:31 59392 ----a-w- c:\windows\system32\a3d.dll
2011-12-28 08:26 . 2011-12-28 08:26 917504 ----a-w- c:\windows\system\cmids3d.dll
2011-12-28 08:26 . 2011-12-28 08:26 712704 ----a-w- c:\windows\system32\Audio3D.dll
2011-12-28 08:25 . 2011-12-28 08:25 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-28 08:24 . 2011-12-28 08:24 215656 ----a-w- c:\windows\system32\NVCOSMB.DLL
2011-12-28 06:46 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-12-28 06:46 . 2011-12-28 06:46 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-12-28 04:59 . 2011-12-28 04:59 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-12-28 04:58 . 2011-12-28 04:58 -------- d-----w- c:\program files\Uniblue
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 04:06 . 2002-02-06 01:17 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-12-31 04:06 . 2002-02-06 01:17 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-12-31 04:06 . 2002-02-06 01:17 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-12-29 14:56 . 2002-01-17 20:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 08:31 . 2011-05-24 12:55 51200 ----a-w- c:\windows\system32\sfman32.dll
2011-12-28 08:31 . 2011-05-24 12:55 495616 ----a-w- c:\windows\system32\sblfx.dll
2011-12-28 08:31 . 2011-05-24 12:55 25600 ----a-w- c:\windows\system32\devldr32.exe
2011-12-28 08:31 . 2011-05-24 12:55 352256 ----a-w- c:\windows\system32\devcon32.dll
2011-12-28 08:31 . 2011-05-24 12:55 3584 ----a-w- c:\windows\system32\ctwdm32.dll
2011-12-28 06:46 . 2009-05-09 05:14 21520 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-12-10 20:24 . 2011-05-24 18:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:29 . 2009-07-14 19:40 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-07-14 19:40 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-14 19:40 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:05 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:22 . 2009-02-06 10:30 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 13:34 . 2009-07-14 19:38 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-02 11:02 . 2002-02-15 22:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-14 . 418A05EC487D63B84C87BE77279834E1 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-09-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON NX300 Series 1 on DANLT]
2008-01-22 05:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEJA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2011-05-16 07:34 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-09 07:19 13529088 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-09 07:19 86016 ----a-r- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vilongu HTTP SOCKS tunneler]
2008-10-15 02:36 50688 ----a-w- c:\program files\Vilongu HTTP SOCKS tunneler\Vilongu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"npggsvc"=3 (0x3)
"idsvc"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
"EPSON_EB_RPCV4_01"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QQ Chat\\QQIntl\\Bin\\QQ.exe"=
"d:\\Yahoo Stuff\\Yahoo Voice\\Revolution_Vox__crack_by_iraq_att\\Revolution Vox__crack by iraq_att\\Revolution Vox__crack by iraq_att.exe"=
"d:\\CamFrog Flooder\\SubsUPDFlooder\\SubsUPDFlooder\\SubsUPDFlooder\\SubsUPDFlooder.exe"=
"c:\\Documents and Settings\\Homie\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12880:TCP"= 12880:TCP:Utor
"12880:UDP"= 12880:UDP:utor2
"46169:TCP"= 46169:TCP:ut
"46169:UDP"= 46169:UDP:ut2
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 6:57 AM 129992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/24/2011 1:28 PM 652872]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 6:58 AM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [8/1/2011 6:23 AM 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 6:57 AM 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 6:57 AM 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 6:57 AM 112456]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/16/2002 2:53 PM 218688]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [3/22/2007 7:17 AM 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/24/2011 1:28 PM 20464]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-12-28 19:43]
.
2012-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003Core.job
- c:\documents and settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-28 01:41]
.
2012-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003UA.job
- c:\documents and settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-28 01:41]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyServer = 24.101.245.31:1690
uInternet Settings,ProxyOverride = local
LSP: c:\windows\system32\VilonguLSP.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Homie\Application Data\Mozilla\Firefox\Profiles\i5j8okm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 23:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\01\00\0d\00\1c\0e>"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\VilonguLSP.dll
.
- - - - - - - > 'explorer.exe'(1872)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2012-01-09 23:18:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 04:18
ComboFix2.txt 2012-01-10 02:16
.
Pre-Run: 61,865,263,104 bytes free
Post-Run: 63,157,243,904 bytes free
.
- - End Of File - - A76B5160DF4B14FFD9A24DA5F56D7EB3

#10 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 04:25 AM

Yeah, there were a couple of trojans we just whacked.

How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
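The OTL.txt these steps produce is long, so as an added example (not code from OTL or from anyone in this thread) here is a small Python triage script that walks OTL lines in the shapes seen in this thread and flags what a helper checks first: a proxy server left in the user's WinInet settings, a Winsock LSP that is not a stock Windows provider, a hijacked IE start page, and programs running or auto-starting from outside the Windows and Program Files trees. The regexes, the set of stock XP LSP DLLs and the trusted roots are my assumptions; the sample lines are copied from the OTL log posted in this thread.

```python
"""Triage helper for OTL.txt logs (added example; not code from OTL or from this thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Line shapes inferred from the OTL output posted in this thread (assumption).
RE_IE_SETTING = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>[^"]+)" = (?P<val>.*)$')
RE_IE_START = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Main,Start Page = (?P<val>.+)$')
RE_LSP = re.compile(
    r'^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) - (?P<path>.+?) \((?P<vendor>[^)]*)\)$')
RE_PRC = re.compile(r'^PRC - \[[^\]]*\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$')
RE_O4 = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$')

# Assumptions: the stock Windows XP Winsock catalog DLLs, and the roots treated as expected.
KNOWN_LSP = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 24.101.245.31:1690
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
PRC - [2011/12/31 03:18:24 | 000,061,440 | ---- | M] (YAH-KILLER.ORG) -- D:\Yahoo Stuff\Y!Booter\Happy New Year 2012 By Langbooter\Happy+New+Year+2012++By+Langbooter.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003..\Run: [Facebook Update] C:\Documents and Settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
"""


@dataclass(frozen=True)
class Finding:
    category: str  # "proxy", "startpage", "lsp" or "location"
    subject: str   # the hive, path or host the finding is about
    detail: str


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_otl(text: str, expected_start_pages=("about:blank",)) -> list:
    """Return one Finding per suspicious item in an OTL.txt; order is not significant."""
    findings = []
    proxy = defaultdict(dict)        # hive -> {"ProxyEnable": "0", "ProxyServer": "host:port", ...}
    lsp_entries = defaultdict(list)  # (path, vendor) -> catalog indices using that DLL
    expected = {p.lower() for p in expected_start_pages}

    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_IE_SETTING.match(line):
            proxy[m["hive"]][m["key"]] = m["val"].strip()
        elif m := RE_IE_START.match(line):
            page = m["val"].strip()
            if page.lower() not in expected:
                findings.append(Finding("startpage", page,
                                        f"start page for {m['hive']} is not an expected home page"))
        elif m := RE_LSP.match(line):
            lsp_entries[(m["path"], m["vendor"])].append(m["idx"])
        elif (m := RE_PRC.match(line)) or (m := RE_O4.match(line)):
            path = m["path"].strip()
            if not path.lower().startswith(TRUSTED_ROOTS):
                # Helper tools on the Desktop show up here too; the analyst decides what is benign.
                kind = "PRC" if line.startswith("PRC") else "O4"
                findings.append(Finding("location", path,
                                        f"{kind} entry ({m['vendor'] or 'no vendor'}) runs from "
                                        "outside the Windows/Program Files trees"))

    # A ProxyServer value is worth a look even when ProxyEnable is 0: it can be switched on later.
    for hive, settings in proxy.items():
        server = settings.get("ProxyServer")
        if server:
            state = "enabled" if settings.get("ProxyEnable") == "1" else "disabled"
            findings.append(Finding("proxy", hive, f"ProxyServer {server} is set ({state})"))

    # Every Winsock catalog entry pointing at a DLL that is not a stock provider is reported once.
    for (path, vendor), idxs in lsp_entries.items():
        if basename(path) not in KNOWN_LSP:
            n = len(idxs)
            findings.append(Finding("lsp", path,
                                    f"{vendor or 'no vendor'} provider in {n} catalog entr"
                                    + ("y" if n == 1 else "ies")))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG, expected_start_pages=("http://www.google.com",)):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```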


#11 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 06:15 AM

It's running better now; my internet loss and TV flicker have stopped.

OTL logfile created on: 1/10/2012 12:39:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Homie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.45% Memory free
2.61 Gb Paging File | 2.26 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.84 Gb Free Space | 78.96% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.39 Gb Free Space | 95.92% Space Free | Partition Type: NTFS

Computer Name: DANDT | User Name: Homie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 00:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Homie\Desktop\OTL.exe
PRC - [2011/12/31 03:18:24 | 000,061,440 | ---- | M] (YAH-KILLER.ORG) -- D:\Yahoo Stuff\Y!Booter\Happy New Year 2012 By Langbooter\Happy+New+Year+2012++By+Langbooter.exe
PRC - [2011/12/28 03:31:23 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/20 14:43:56 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
PRC - [2011/10/20 14:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011/04/28 07:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 06:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/20 14:43:56 | 000,407,400 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\locale\en\en.dll
MOD - [2011/10/20 14:43:56 | 000,071,016 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\InstallerExtensions.dll
MOD - [2011/10/20 14:43:56 | 000,018,792 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\cwebpage.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/02/14 11:55:11 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 11:55:10 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 06:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/24 15:09:00 | 004,164,600 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/28 03:31:27 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2011/12/28 03:31:24 | 000,777,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2011/12/28 03:31:21 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/01 06:23:20 | 000,143,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 06:57:57 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 06:57:38 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 06:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 06:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/08/09 02:20:12 | 000,021,760 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009/08/09 02:20:04 | 000,093,764 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2009/08/09 02:19:55 | 000,396,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2009/08/09 02:19:55 | 000,048,640 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2009/08/09 02:19:49 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2008/04/13 21:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 15:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/07/18 19:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 19:39:15 | 001,278,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2002/01/16 14:53:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2001/08/17 09:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 07:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 24.101.245.31:1690

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: c:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Homie\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 06:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/24 14:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Homie\Application Data\Mozilla\Extensions
[2011/09/19 21:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\i5j8okm7.default\extensions
[2002/01/16 14:53:05 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\i5j8okm7.default\searchplugins\daemon-search.xml
[2011/07/14 11:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 14:47:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/14 11:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/15 20:35:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/02 06:02:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/01/09 23:09:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003..\Run: [Facebook Update] C:\Documents and Settings\Homie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\VilonguLSP.dll (Crow Soft)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2EE4B51-E398-48D8-9A98-226FC3C3B1EB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/24 12:41:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/13 16:10:32 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 00:30:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Homie\Desktop\OTL.exe
[2012/01/09 23:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/09 21:06:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/09 19:31:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/09 15:40:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/09 14:53:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/09 14:53:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/09 14:53:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/09 14:53:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/09 14:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/09 14:53:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 14:27:24 | 004,376,727 | R--- | C] (Swearware) -- C:\Documents and Settings\Homie\Desktop\ComboFix.exe
[2012/01/09 11:53:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Homie\My Documents\My Videos
[2012/01/09 11:53:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Homie\Start Menu\Programs\Administrative Tools
[2012/01/05 22:42:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Homie\Desktop\dds.scr
[2012/01/05 22:42:30 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Homie\Desktop\aswMBR.exe
[2012/01/05 21:57:47 | 000,901,120 | ---- | C] (Save-EE) -- C:\Documents and Settings\Homie\Desktop\LobbyClient.exe
[2011/12/31 00:52:32 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\xTab.ocx
[2011/12/31 00:52:25 | 000,422,088 | ---- | C] (LogicNP Software) -- C:\WINDOWS\System32\crylic70.ocx
[2011/12/30 15:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Homie\Local Settings\Application Data\Save-EE
[2011/12/30 15:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Homie\Application Data\Save-EE
[2011/12/28 12:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2011/12/28 03:26:28 | 001,458,176 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\SmWizard.exe
[2011/12/28 03:26:28 | 000,032,768 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System32\udaprop.dll
[2011/12/28 03:26:27 | 000,163,840 | ---- | C] (C-Media) -- C:\WINDOWS\System32\cmuda.dll
[2011/12/28 03:26:26 | 002,568,192 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System\cmicnfg.cpl
[2011/12/28 03:26:26 | 000,917,504 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\cmids3d.dll
[2011/12/28 03:26:26 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/28 03:26:26 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/12/28 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/27 23:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/12/27 23:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Homie\Application Data\Uniblue
[2011/12/27 23:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/12/27 23:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 00:47:06 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003UA.job
[2012/01/10 00:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Homie\Desktop\OTL.exe
[2012/01/10 00:29:47 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\Shortcut to DevilDC v1.0.lnk
[2012/01/09 23:13:40 | 000,434,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/09 23:13:40 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 23:12:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/09 23:09:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/09 23:09:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/01/09 23:09:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 23:09:12 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 22:54:52 | 004,376,727 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\ComboFix.exe
[2012/01/09 21:47:01 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003Core.job
[2012/01/09 21:07:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/09 11:52:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\MBR.dat
[2012/01/05 22:46:25 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Homie\Desktop\aswMBR.exe
[2012/01/05 22:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Homie\Desktop\dds.scr
[2012/01/05 22:42:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\8hbcpdp4.exe
[2012/01/05 21:59:10 | 000,901,120 | ---- | M] (Save-EE) -- C:\Documents and Settings\Homie\Desktop\LobbyClient.exe
[2011/12/31 11:51:53 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\Shortcut to EE-AOC.lnk
[2011/12/31 11:47:36 | 000,000,515 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2011/12/30 23:06:34 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/30 23:06:34 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/30 23:06:34 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/28 03:31:24 | 002,259,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\eapci2m.ecw
[2011/12/28 03:31:21 | 000,059,392 | ---- | M] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/28 03:31:21 | 000,059,392 | ---- | M] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/12/28 03:31:20 | 002,090,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/12/28 03:26:28 | 001,458,176 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\System\SmWizard.exe
[2011/12/28 03:26:28 | 000,032,768 | ---- | M] (C-Media Corporation) -- C:\WINDOWS\System32\udaprop.dll
[2011/12/28 03:26:27 | 000,233,472 | ---- | M] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2011/12/28 03:26:27 | 000,163,840 | ---- | M] (C-Media) -- C:\WINDOWS\System32\cmuda.dll
[2011/12/28 03:26:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2011/12/28 03:26:26 | 002,568,192 | ---- | M] (C-Media Corporation) -- C:\WINDOWS\System\cmicnfg.cpl
[2011/12/28 03:26:26 | 000,917,504 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\System\cmids3d.dll
[2011/12/28 01:46:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/12/28 01:46:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/12/27 23:58:34 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/12/27 23:58:34 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/12/27 23:11:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/27 23:11:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 22:41:04 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/27 22:34:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 00:29:47 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\Shortcut to DevilDC v1.0.lnk
[2012/01/09 21:18:39 | 1341,706,240 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/09 21:07:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/09 21:06:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/09 14:53:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/09 14:53:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/09 14:53:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/09 14:53:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/09 14:53:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/09 11:52:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\MBR.dat
[2012/01/05 22:42:17 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\8hbcpdp4.exe
[2011/12/31 11:51:53 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\Shortcut to EE-AOC.lnk
[2011/12/28 03:31:24 | 002,259,070 | ---- | C] () -- C:\WINDOWS\System32\drivers\eapci2m.ecw
[2011/12/28 03:26:27 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2011/12/28 03:26:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2011/12/28 01:46:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/12/28 01:46:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/12/27 23:59:12 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/12/27 23:58:34 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/12/27 23:58:34 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/12/27 23:11:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/27 23:11:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/24 16:36:19 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/05/24 14:34:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 13:26:06 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/05/24 12:45:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 12:36:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/24 07:53:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/24 07:50:07 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/28 06:57:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\PSINAflt(2).sys
[2009/04/30 21:39:36 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,434,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,068,318 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/02/05 20:17:14 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2002/02/05 20:17:13 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2002/02/05 20:17:13 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2002/02/05 20:13:12 | 000,000,515 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/01/26 10:18:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/01/19 19:57:11 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Homie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2002/01/16 14:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2002/01/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/24 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/08/22 15:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/12/31 11:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Azureus
[2011/09/11 16:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Camfrog
[2002/01/16 15:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\DAEMON Tools Lite
[2002/01/01 13:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Electronic Arts
[2011/05/24 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\IObit
[2011/09/19 20:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\ManyCam
[2011/05/24 13:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Panda Security
[2011/12/31 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Save-EE
[2002/01/01 03:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Sony Online Entertainment
[2011/09/12 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Tencent
[2011/12/27 23:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Uniblue
[2011/07/16 00:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\uTorrent
[2011/08/11 17:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\WSOP-USA.com
[2012/01/09 23:09:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2012/01/09 21:47:01 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003Core.job
[2012/01/10 00:47:06 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-651377827-1547161642-1003UA.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/05/24 12:41:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/13 16:27:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/09 21:07:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/09 23:18:16 | 000,014,508 | ---- | M] () -- C:\ComboFix.txt
[2011/05/24 12:41:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/01/09 23:09:12 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 12:41:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/24 12:41:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/09 23:09:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2002/01/01 20:25:18 | 000,000,534 | ---- | M] () -- C:\SoftUpdate.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/05/24 12:40:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2002/01/19 19:10:34 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/05/24 07:49:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/05/24 07:49:26 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/05/24 07:49:26 | 000,933,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/05/24 12:41:14 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/24 13:05:33 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/05/24 13:05:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Homie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/05 22:42:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\8hbcpdp4.exe
[2012/01/05 22:46:25 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Homie\Desktop\aswMBR.exe
[2012/01/09 22:54:52 | 004,376,727 | R--- | M] (Swearware) -- C:\Documents and Settings\Homie\Desktop\ComboFix.exe
[2012/01/05 21:59:10 | 000,901,120 | ---- | M] (Save-EE) -- C:\Documents and Settings\Homie\Desktop\LobbyClient.exe
[2012/01/10 00:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Homie\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2008/04/14 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/24 13:05:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Homie\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/10 00:30:15 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Homie\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 07:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 07:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 20:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 13:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 20:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 02:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 07:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 20:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 20:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2011/12/28 03:26:28 | 001,458,176 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 05:58:18


< End of report >

------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 1/10/2012 12:39:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Homie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.45% Memory free
2.61 Gb Paging File | 2.26 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.84 Gb Free Space | 78.96% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.39 Gb Free Space | 95.92% Space Free | Partition Type: NTFS

Computer Name: DANDT | User Name: Homie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"12880:TCP" = 12880:TCP:*:Enabled:Utor
"12880:UDP" = 12880:UDP:*:Enabled:utor2
"46169:TCP" = 46169:TCP:*:Enabled:ut
"46169:UDP" = 46169:UDP:*:Enabled:ut2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe" = C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate -- (Sierra Entertainment, Inc.)
"C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe" = C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server -- (Sierra Entertainment, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\QQ Chat\QQIntl\Bin\QQ.exe" = C:\Program Files\QQ Chat\QQIntl\Bin\QQ.exe:*:Enabled:Tencent QQ -- (Tencent)
"D:\Yahoo Stuff\Yahoo Voice\Revolution_Vox__crack_by_iraq_att\Revolution Vox__crack by iraq_att\Revolution Vox__crack by iraq_att.exe" = D:\Yahoo Stuff\Yahoo Voice\Revolution_Vox__crack_by_iraq_att\Revolution Vox__crack by iraq_att\Revolution Vox__crack by iraq_att.exe:*:Enabled:yahoo Voice Domination Soft -- (MnT Softs Inc.)
"D:\CamFrog Flooder\SubsUPDFlooder\SubsUPDFlooder\SubsUPDFlooder\SubsUPDFlooder.exe" = D:\CamFrog Flooder\SubsUPDFlooder\SubsUPDFlooder\SubsUPDFlooder\SubsUPDFlooder.exe:*:Enabled:SubsUPDFlooder -- (WCBOOTIN)
"C:\Documents and Settings\Homie\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Homie\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"D:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe" = D:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = Empire Earth - The Art of Conquest
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Camfrog 6.1" = Camfrog Video Chat 6.1
"ClubWPT" = ClubWPT
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Age of Camelot - Labyrinth of the Minotaur_is1" = Dark Age of Camelot - Labyrinth of the Minotaur
"DMX4_is1" = DriverMax 4
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"Forum Proxy Leecher_is1" = Forum Proxy Leecher 1.11
"ie8" = Windows Internet Explorer 8
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"ManyCam" = ManyCam 2.6.55 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"S.W.A.T. 4_is1" = S.W.A.T. 4
"Tor" = Tor 0.2.2.32
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.14
"Vilongu HTTP SOCKS tunneler_is1" = Vilongu HTTP SOCKS tunneler 1.0.0
"VLC media player" = VLC media player 1.1.10
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WSOP-USA.com" = WSOP-USA.com
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-651377827-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 3:58:10 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application wscntfy.exe, version 5.1.2600.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 1/4/2012 3:58:27 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application psantomanager.exe, version 3.0.0.88, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/4/2012 3:58:27 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application psantomanager.exe, version 3.0.0.88, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/5/2012 12:58:06 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application wscntfy.exe, version 5.1.2600.5512, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/5/2012 12:58:42 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application psantomanager.exe, version 3.0.0.88, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/5/2012 1:06:56 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application wscntfy.exe, version 5.1.2600.5512, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/5/2012 1:07:24 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application psantomanager.exe, version 3.0.0.88, faulting
module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.

Error - 1/6/2012 4:47:06 PM | Computer Name = DANDT | Source = Google Update | ID = 20
Description =

Error - 1/9/2012 10:13:29 PM | Computer Name = DANDT | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 1/9/2012 10:14:33 PM | Computer Name = DANDT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 1/9/2012 4:42:54 PM | Computer Name = DANDT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NanoServiceMain service.

Error - 1/9/2012 4:44:17 PM | Computer Name = DANDT | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 8852f5e8, parameter3
00000000, parameter4 00000000.

Error - 1/9/2012 8:28:41 PM | Computer Name = DANDT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NanoServiceMain service.

Error - 1/9/2012 8:33:14 PM | Computer Name = DANDT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 Fips PSINKNC

Error - 1/9/2012 8:34:41 PM | Computer Name = DANDT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/9/2012 8:35:06 PM | Computer Name = DANDT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/9/2012 8:35:56 PM | Computer Name = DANDT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 Fips PSINKNC

Error - 1/9/2012 10:17:15 PM | Computer Name = DANDT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/9/2012 10:17:34 PM | Computer Name = DANDT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/9/2012 10:17:59 PM | Computer Name = DANDT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#12 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 03:49 PM

No internet?

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#13 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 08:35 PM

Yes, did you read posts 3, 4 and 5? :)

Farbar Service Scanner
Ran by Homie (administrator) on 10-01-2012 at 15:36:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-07-14 14:37] - [2009-07-14 14:37] - 0361600 ____A (Microsoft Corporation) 418A05EC487D63B84C87BE77279834E1

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-07-14 14:38] - [2009-07-14 14:38] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-07-14 14:38] - [2009-07-14 14:38] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 08:38 PM

Looks perfectly fine.

Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

#15 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 10:03 PM

Yeah, all that stuff in posts 3, 4 and 5 seemed to stop after running ComboFix. Now it's better, thanks!

MiniToolBox by Farbar
Ran by Homie (administrator) on 10-01-2012 at 16:37:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 24.101.245.31:1690

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)
Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DANDT

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-0C-76-96-B7-69

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.9

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Monday, January 09, 2012 9:18:47 PM

Lease Expires . . . . . . . . . . : Tuesday, January 10, 2012 9:18:47 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)

Physical Address. . . . . . . . . : 00-04-5A-87-BD-17

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.113.99, 74.125.113.106, 74.125.113.104, 74.125.113.105
74.125.113.147, 74.125.113.103



Pinging google.com [74.125.113.104] with 32 bytes of data:



Reply from 74.125.113.104: bytes=32 time=59ms TTL=51

Reply from 74.125.113.104: bytes=32 time=52ms TTL=51



Ping statistics for 74.125.113.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 52ms, Maximum = 59ms, Average = 55ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=100ms TTL=46

Reply from 98.139.180.149: bytes=32 time=90ms TTL=46



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 100ms, Average = 95ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 76 96 b7 69 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 04 5a 87 bd 17 ...... Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.9 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.9 192.168.1.9 20
192.168.1.9 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.9 192.168.1.9 20
224.0.0.0 240.0.0.0 192.168.1.9 192.168.1.9 20
255.255.255.255 255.255.255.255 192.168.1.9 3 1
255.255.255.255 255.255.255.255 192.168.1.9 192.168.1.9 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\VilonguLSP.dll [130560] (Crow Soft)
Catalog9 02 C:\WINDOWS\system32\VilonguLSP.dll [130560] (Crow Soft)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\VilonguLSP.dll [130560] (Crow Soft)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2012 09:14:33 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (01/09/2012 09:13:29 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.exe!ws!]

Error: (01/06/2012 03:47:06 PM) (Source: Google Update) (User: Homie)Homie
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/05/2012 00:07:24 PM) (Source: Application Error) (User: )
Description: Faulting application psantomanager.exe, version 3.0.0.88, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [psantomanager.exe!ws!]

Error: (01/05/2012 00:06:56 PM) (Source: Application Error) (User: )
Description: Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [wscntfy.exe!ws!]

Error: (01/05/2012 11:58:42 AM) (Source: Application Error) (User: )
Description: Faulting application psantomanager.exe, version 3.0.0.88, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [psantomanager.exe!ws!]

Error: (01/05/2012 11:58:06 AM) (Source: Application Error) (User: )
Description: Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [wscntfy.exe!ws!]

Error: (01/04/2012 02:58:27 PM) (Source: Application Error) (User: )
Description: Faulting application psantomanager.exe, version 3.0.0.88, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [psantomanager.exe!ws!]

Error: (01/04/2012 02:58:27 PM) (Source: Application Error) (User: )
Description: Faulting application psantomanager.exe, version 3.0.0.88, faulting module cmsetac.dll, version 0.0.0.0, fault address 0x00007164.
Processing media-specific event for [psantomanager.exe!ws!]

Error: (01/04/2012 02:58:10 PM) (Source: Application Error) (User: )
Description: Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [wscntfy.exe!ws!]


System errors:
=============
Error: (01/09/2012 09:17:59 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/09/2012 09:17:34 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/09/2012 09:17:15 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/09/2012 07:35:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
Fips
PSINKNC

Error: (01/09/2012 07:35:06 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/09/2012 07:34:41 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/09/2012 07:33:14 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
Fips
PSINKNC

Error: (01/09/2012 07:28:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.

Error: (01/09/2012 03:44:17 PM) (Source: System Error) (User: )
Description: Error code 000000ca, parameter1 00000004, parameter2 8852f5e8, parameter3 00000000, parameter4 00000000.

Error: (01/09/2012 03:42:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.


Microsoft Office Sessions:
=========================
Error: (01/09/2012 09:14:33 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (01/09/2012 09:13:29 PM) (Source: Application Error)(User: )
Description: pev.exe0.0.0.0pev.exe0.0.0.00008d1c0

Error: (01/06/2012 03:47:06 PM) (Source: Google Update)(User: Homie)Homie
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/05/2012 00:07:24 PM) (Source: Application Error)(User: )
Description: psantomanager.exe3.0.0.88cmsetac.dll0.0.0.000007164

Error: (01/05/2012 00:06:56 PM) (Source: Application Error)(User: )
Description: wscntfy.exe5.1.2600.5512cmsetac.dll0.0.0.000007164

Error: (01/05/2012 11:58:42 AM) (Source: Application Error)(User: )
Description: psantomanager.exe3.0.0.88cmsetac.dll0.0.0.000007164

Error: (01/05/2012 11:58:06 AM) (Source: Application Error)(User: )
Description: wscntfy.exe5.1.2600.5512cmsetac.dll0.0.0.000007164

Error: (01/04/2012 02:58:27 PM) (Source: Application Error)(User: )
Description: psantomanager.exe3.0.0.88cmsetac.dll0.0.0.000007164

Error: (01/04/2012 02:58:27 PM) (Source: Application Error)(User: )
Description: psantomanager.exe3.0.0.88cmsetac.dll0.0.0.000007164

Error: (01/04/2012 02:58:10 PM) (Source: Application Error)(User: )
Description: wscntfy.exe5.1.2600.55120.0.0.000000000


========================= Devices: ================================

Name: C-Media AC97 Audio Device
Description: C-Media AC97 Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: C-Media
Service: cmuda
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1279.49 MB
Available physical RAM: 648.36 MB
Total Pagefile: 2670.54 MB
Available Pagefile: 2180.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.21 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:58.83 GB) NTFS
3 Drive d: (Slave Disk) (Fixed) (Total:232.88 GB) (Free:223.39 GB) NTFS

========================= Users: ========================================

User accounts for \\DANDT

Administrator Guest HelpAssistant
Homie SUPPORT_388945a0


**** End of log ****
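The MiniToolBox log above is read against three places that malware commonly tampers with: the IE ProxyServer value (a proxy entry is present even though the proxy is reported as not enabled), the hosts file, and the Winsock catalog, where two entries point at a DLL whose vendor string is not Microsoft Corporation. As an added example, not code from this thread or from Farbar's tools, here is a small Python triage script that splits a MiniToolBox log into its banner sections and reports those three kinds of indicator. The sample log is constructed from a few lines of the output above; the section regex follows the banner layout shown there, and the "Proxy is enabled." wording used to detect the enabled case is an assumption, since the log only shows the "not enabled" form.

```python
"""Triage helper for MiniToolBox output: flags proxy, hosts and Winsock LSP
indicators.  Added example; not part of MiniToolBox or this thread."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout MiniToolBox prints; the values are the
# ones from the log posted above, trimmed to a few lines per section.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 24.101.245.31:1690

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\\WINDOWS\\system32\\VilonguLSP.dll [130560] (Crow Soft)
Catalog9 03 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\\Windows\\system32\\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 18 C:\\WINDOWS\\system32\\VilonguLSP.dll [130560] (Crow Soft)

========================= Event log errors: ===============================
"""

# "===== Name: =====" banner; the colon is optional ("Winsock entries" has none).
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*:?\s*=+\s*$")
# "Catalog9 01 <path> [<size>] (<vendor>)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
HOSTS_RE = re.compile(r"^\s*(\S+)\s+(\S+)")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group(1):            # a named banner starts a new section
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_proxy(lines: List[str]) -> Tuple[bool, Optional[str]]:
    """Return (proxy_enabled, proxy_server) from the IE Proxy Settings section.
    The enabled case is assumed to print 'Proxy is enabled.' (not shown in the log)."""
    enabled = any(l.strip().startswith("Proxy is") and " not " not in l for l in lines)
    server = None
    for l in lines:
        if l.startswith("ProxyServer:"):
            server = l.split(":", 1)[1].strip()
    return enabled, server


def parse_hosts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (ip, name) pairs other than the stock localhost mapping."""
    found = []
    for l in lines:
        m = HOSTS_RE.match(l)
        if not m or l.lstrip().startswith("#"):
            continue
        ip, name = m.group(1), m.group(2)
        if name.lower() == "localhost" and ip in ("127.0.0.1", "::1"):
            continue
        found.append((ip, name))
    return found


def parse_winsock(lines: List[str]) -> List[Dict[str, str]]:
    """Parse each catalog line into its catalog, index, path, size and vendor."""
    entries = []
    for l in lines:
        m = WINSOCK_RE.match(l)
        if m:
            entries.append({"catalog": m.group(1), "index": m.group(2),
                            "path": m.group(3), "size": m.group(4), "vendor": m.group(5)})
    return entries


def non_microsoft_lsps(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Unique (path, vendor) pairs whose vendor string is not Microsoft's."""
    seen: Dict[str, Tuple[str, str]] = {}
    for e in entries:
        if e["vendor"] != "Microsoft Corporation":
            seen.setdefault(e["path"].lower(), (e["path"], e["vendor"]))
    return sorted(seen.values())


def audit(text: str) -> List[str]:
    """Human-readable findings for the proxy, hosts and Winsock sections."""
    sections = split_sections(text)
    findings = []
    enabled, server = parse_proxy(sections.get("IE Proxy Settings", []))
    if server:
        state = "enabled" if enabled else "not enabled"
        findings.append(f"IE ProxyServer set to {server} (proxy {state})")
    for ip, name in parse_hosts(sections.get("Hosts content", [])):
        findings.append(f"hosts override: {name} -> {ip}")
    for path, vendor in non_microsoft_lsps(parse_winsock(sections.get("Winsock entries", []))):
        findings.append(f"non-Microsoft Winsock LSP: {path} ({vendor})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A vendor string that is not Microsoft's is a prompt to look, not a verdict: some legitimate software installs an LSP, so the path and the file's signature still need to be checked before anything is removed. A leftover ProxyServer value with the proxy disabled is harmless on its own, but it is worth clearing, since re-enabling the proxy would route the browser through that address.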

#16 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 10:28 PM

"Ping" command works just fine.

I can see two network adapters:

Quote

NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)
Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) = Local Area Connection (Media disconnected)

Which one is in use?

By internet not working, what exactly do you mean?
Browser errors?

#17 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 11:03 PM

I use this one,

NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


By internet not working, what exactly do you mean?

Yeah, my modem would just drop signal and the T.V. would pause and go black for 3-4 sec., but that has stopped.

Browser errors? None.

#18 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 10 January 2012 - 11:24 PM

Quote

my modem would just drop signal and the T.V. would pause and go black for 3-4 sec., but that has stopped.

Oh, OK.

I strongly suggest you uninstall Uniblue DriverScanner.
Generally, drivers should be left alone; not to mention it's constantly running, checking for those drivers on every startup, which is ridiculous.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 24.101.245.31:1690
    O3 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1409082233-651377827-1547161642-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=======================================================================

Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.


#19 ProblemsRBad Re: [RESOLVED] my win xp desktop giving me problems.

Posted 11 January 2012 - 02:27 AM

OTL has frozen up, it seems. It says on the bottom status bar: Killing processes. DO NOT INTERRUPT...

It's been stuck here for about 2 hours now. What should I do?

#20 Broni Re: [RESOLVED] my win xp desktop giving me problems.

Posted 11 January 2012 - 04:01 AM

Restart manually.
Run the fix from safe mode.




