[Inactive] working with another dirty win xp desktop


41 replies to this topic

#1 ProblemsRBad

    Member

Posted 31 January 2012 - 06:54 PM

So my friend has 3 PCs for me to clean up for them; this is PC #2, a Windows XP desktop. It didn't have any virus protection at all. All I can get is an MBAM log and aswMBR. GMER reboots the system and stops scanning. DDS will not open. Here's what I got for logs:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.30.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Amy :: ---------- [administrator]

Protection: Enabled

1/30/2012 11:10:17 PM
mbam-log-2012-01-30 (23-10-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264191
Time elapsed: 5 hour(s), 53 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


================================================================================

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 20:28:30
-----------------------------
20:28:30.406 OS Version: Windows 5.1.2600 Service Pack 3
20:28:30.406 Number of processors: 1 586 0xC00
20:28:30.406 ComputerName: ---------- UserName: Amy
20:28:41.000 Initialize success
20:35:26.562 AVAST engine defs: 12013000
20:35:29.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
20:35:29.843 Disk 0 Vendor: WDC_WD200EB-11CSF0 04.01B04 Size: 19092MB BusType: 3
20:35:29.921 Disk 0 MBR read successfully
20:35:29.921 Disk 0 MBR scan
20:35:30.484 Disk 0 Windows XP default MBR code
20:35:30.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19084 MB offset 63
20:35:30.750 Disk 0 scanning sectors +39085200
20:35:31.062 Disk 0 scanning C:\WINDOWS\system32\drivers
20:36:48.375 Service scanning
20:36:55.734 Modules scanning
20:38:00.484 Disk 0 trace - called modules:
20:38:00.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:38:00.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88784ab8]
20:38:01.015 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000065[0x887a7418]
20:38:01.015 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1f[0x88780d98]
20:38:03.390 AVAST engine scan C:\WINDOWS
20:38:31.453 AVAST engine scan C:\WINDOWS\system32
20:56:56.359 AVAST engine scan C:\WINDOWS\system32\drivers
20:58:10.593 AVAST engine scan C:\Documents and Settings\Amy
21:39:25.609 AVAST engine scan C:\Documents and Settings\All Users
21:42:10.265 Scan finished successfully
21:44:44.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Amy\Desktop\MBR.dat"
21:44:44.406 The log file has been saved successfully to "C:\Documents and Settings\Amy\Desktop\aswMBRlog.txt"
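The two Security Center entries in the Malwarebytes log above are the detail worth checking in a log like this: both notify-suppression values had been set to 1, so the user would not have been warned that antivirus and updates were off. Below is an added Python example (not from the poster, from Malwarebytes, or from this forum) that parses the "Registry Data Items Detected" section of an MBAM log in this layout, checks the parsed line count against the section header, and names the warnings that had been suppressed. The sample log is a constructed excerpt, and the FirewallDisableNotify entry is added because it lives under the same XP Security Center key; it is not in the posted log.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in the layout of the Malwarebytes log posted above
# (only the registry sections; not the poster's full log).
SAMPLE_MBAM_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)
"""

# One item line: <key>|<value> (<detection>) -> Bad: (x) Good: (y) -> <action>
DATA_ITEM_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\)"
    r" -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)
SECTION_RE = re.compile(r"^Registry Data Items Detected: (?P<count>\d+)$")

SECURITY_CENTER_KEY = r"HKLM\SOFTWARE\Microsoft\Security Center"

# XP Security Center values that, when set to 1, suppress the balloon warning
# shown when the named protection is off. The firewall entry is not in the
# posted log; it is listed because it sits under the same key.
NOTIFY_SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify": "antivirus",
    "FirewallDisableNotify": "firewall",
    "UpdatesDisableNotify": "automatic updates",
}


@dataclass
class RegistryDataItem:
    key: str
    value: str
    detection: str
    bad: str
    good: str
    action: str


def parse_registry_data_items(log: str) -> List[RegistryDataItem]:
    """Parse the 'Registry Data Items Detected' section and check that the
    number of item lines matches the count the section header claims."""
    items: List[RegistryDataItem] = []
    expected = None
    in_section = False
    for line in log.splitlines():
        header = SECTION_RE.match(line)
        if header:
            expected = int(header.group("count"))
            in_section = True
            continue
        if not in_section:
            continue
        # A blank line or "(No malicious items detected)" closes the section.
        if not line.strip() or line.startswith("("):
            in_section = False
            continue
        match = DATA_ITEM_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised data item line: {line!r}")
        items.append(RegistryDataItem(**match.groupdict()))
    if expected is None:
        raise ValueError("no 'Registry Data Items Detected' section in log")
    if len(items) != expected:
        raise ValueError(f"header claims {expected} items, found {len(items)}")
    return items


def suppressed_warnings(items: List[RegistryDataItem]) -> List[str]:
    """Security Center warnings the log shows had been switched off (Bad value 1)."""
    return [
        NOTIFY_SUPPRESSION_VALUES[item.value]
        for item in items
        if item.key == SECURITY_CENTER_KEY
        and item.value in NOTIFY_SUPPRESSION_VALUES
        and item.bad == "1"
    ]


def unresolved(items: List[RegistryDataItem]) -> List[RegistryDataItem]:
    """Items whose action text does not report a successful repair or quarantine."""
    return [item for item in items if "successfully" not in item.action]


if __name__ == "__main__":
    found = parse_registry_data_items(SAMPLE_MBAM_LOG)
    for item in found:
        print(f"{item.detection}: {item.key}|{item.value} bad={item.bad} good={item.good}")
    print("warnings that had been suppressed:", suppressed_warnings(found))
    print("still unresolved:", len(unresolved(found)))
```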

#2 Broni Re: [Inactive] working with another dirty win xp desktop

    Malware Annihilator

Posted 31 January 2012 - 07:19 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.

=============================================================

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.

#3 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

    Member
Posted 31 January 2012 - 09:21 PM

16:04:48.0765 0176 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
16:04:50.0781 0176 ============================================================
16:04:50.0781 0176 Current date / time: 2012/01/31 16:04:50.0781
16:04:50.0781 0176 SystemInfo:
16:04:50.0781 0176
16:04:50.0781 0176 OS Version: 5.1.2600 ServicePack: 3.0
16:04:50.0781 0176 Product type: Workstation
16:04:50.0781 0176 ComputerName: ----------
16:04:51.0468 0176 UserName: Amy
16:04:51.0484 0176 Windows directory: C:\WINDOWS
16:04:51.0484 0176 System windows directory: C:\WINDOWS
16:04:51.0484 0176 Processor architecture: Intel x86
16:04:51.0484 0176 Number of processors: 1
16:04:51.0484 0176 Page size: 0x1000
16:04:51.0484 0176 Boot type: Normal boot
16:04:51.0484 0176 ============================================================
16:04:56.0578 0176 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0xA1A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
16:04:56.0593 0176 \Device\Harddisk0\DR0:
16:04:56.0593 0176 MBR used
16:04:56.0593 0176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546451
16:04:56.0640 0176 Initialize success
16:04:56.0640 0176 ============================================================
16:05:14.0593 2044 ============================================================
16:05:14.0593 2044 Scan started
16:05:14.0593 2044 Mode: Manual;
16:05:14.0593 2044 ============================================================
16:07:27.0421 2044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:07:29.0359 2044 \Device\Harddisk0\DR0 - ok
16:07:29.0375 2044 Boot (0x1200) (790c645ad70625599ac81d85eca1382d) \Device\Harddisk0\DR0\Partition0
16:07:29.0375 2044 \Device\Harddisk0\DR0\Partition0 - ok
16:07:29.0375 2044 ============================================================
16:07:29.0375 2044 Scan finished
16:07:29.0375 2044 ============================================================
16:07:29.0437 2136 Detected object count: 0
16:07:29.0437 2136 Actual detected object count: 0
16:08:59.0437 1728 Deinitialize success

========================================================================================================

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

========================================================================================================

ListParts by Farbar
Ran by Amy on 31-01-2012 at 16:17:13
Windows XP (X86)
Running From: C:\Documents and Settings\Amy\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 53%
Total physical RAM: 1150.48 MB
Available physical RAM: 534.69 MB
Total Pagefile: 1985.66 MB
Available Pagefile: 1524.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.14 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:18.64 GB) (Free:4.89 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 19 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 19 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 19 GB Healthy System (partition with boot components)


****** End Of Log ******
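Reading a TDSSKiller log like the one above comes down to three checks: every hashed driver or boot object got a status line and it reads "ok", the MBR and boot-sector hashes are recorded, and the two "detected object count" lines agree. Below is an added Python example (not from the poster, from Kaspersky, or from this forum) that parses this log layout into a report with those checks. The sample log is a constructed excerpt: driver MD5s are zero-filled placeholders, the non-"ok" status text is placeholder wording rather than TDSSKiller's, and only the MBR and boot lines reuse hashes printed in the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the layout of the TDSSKiller log posted above. Driver MD5s are
# zero-filled placeholders and the "suspicious" status is placeholder wording, not
# TDSSKiller's; the MBR/boot lines reuse the hashes printed in the posted log.
SAMPLE_TDSSKILLER_LOG = r"""
16:05:14.0593 2044 ============================================================
16:05:14.0593 2044 Scan started
16:05:14.0593 2044 Mode: Manual;
16:05:14.0593 2044 ============================================================
16:05:15.0406 2044 Abiosdsk - ok
16:05:16.0562 2044 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:05:16.0671 2044 ACPI - ok
16:05:17.0000 2044 ExampleDrv (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
16:05:17.0100 2044 ExampleDrv - suspicious (placeholder status)
16:05:18.0000 2044 OrphanDrv (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\orphandrv.sys
16:07:27.0421 2044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:07:29.0359 2044 \Device\Harddisk0\DR0 - ok
16:07:29.0375 2044 Boot (0x1200) (790c645ad70625599ac81d85eca1382d) \Device\Harddisk0\DR0\Partition0
16:07:29.0375 2044 \Device\Harddisk0\DR0\Partition0 - ok
16:07:29.0375 2044 Scan finished
16:07:29.0437 2136 Detected object count: 1
16:07:29.0437 2136 Actual detected object count: 1
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Hashed object: "<name> (<md5>) <path>", or "MBR (0x1B8) (<md5>) <device>" for boot code.
OBJECT_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Status line: "<driver name> - ok" for drivers, "<device path> - ok" for MBR and boot sector.
STATUS_RE = re.compile(r"^(?P<target>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str
    path: str
    status: Optional[str] = None


@dataclass
class ScanReport:
    objects: List[ScanObject]
    detected_count: Optional[int]
    actual_detected_count: Optional[int]

    def findings(self) -> List[Tuple[str, str]]:
        """(name, status) for every scanned object that is not plainly 'ok'."""
        return [(o.name, o.status or "no status line") for o in self.objects if o.status != "ok"]

    def boot_hashes(self) -> Dict[str, str]:
        """MD5s TDSSKiller recorded for the MBR and the boot sector."""
        return {o.name: o.md5 for o in self.objects if o.name in ("MBR", "Boot")}

    def counts_agree(self) -> bool:
        return self.detected_count is not None and self.detected_count == self.actual_detected_count


def parse_tdsskiller_log(log: str) -> ScanReport:
    objects: List[ScanObject] = []
    by_key: Dict[str, ScanObject] = {}   # status lines are keyed by driver name or device path
    counts: Dict[str, int] = {}
    in_scan = False
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg in ("Scan started", "Scan finished"):
            in_scan = msg == "Scan started"
            continue
        cm = COUNT_RE.match(msg)
        if cm:
            counts["actual" if cm.group("actual") else "detected"] = int(cm.group("n"))
            continue
        if not in_scan:
            continue   # header lines such as "Drive ... - Size: ..." are not scan results
        om = OBJECT_RE.match(msg)
        if om:
            obj = ScanObject(om.group("name"), om.group("md5"), om.group("path"))
            objects.append(obj)
            by_key[obj.name] = by_key[obj.path] = obj
            continue
        sm = STATUS_RE.match(msg)
        if sm:
            target, status = sm.group("target"), sm.group("status")
            if target in by_key:
                by_key[target].status = status
            elif status != "ok":
                # a service entry with no file on disk that is still not 'ok'
                objects.append(ScanObject(target, "", "", status))
    return ScanReport(objects, counts.get("detected"), counts.get("actual"))


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_TDSSKILLER_LOG)
    print("boot hashes:", report.boot_hashes(), "counts agree:", report.counts_agree())
    print("needs attention:", report.findings())
```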

#4 Broni Re: [Inactive] working with another dirty win xp desktop

    Malware Annihilator

Posted 31 January 2012 - 10:17 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure you re-enable your security programs when you're done with ComboFix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, ComboFix refuses to run, try one of the following:

1. Run ComboFix from Safe Mode (How to...)

2. Delete the ComboFix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, Rkill and ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#5 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 12:23 AM

I had to run ComboFix in safe mode. It would not run in normal mode. I did not need to use Rkill.
The Panda Cloud Antivirus keeps giving me an error when I try to enable it.
Here's the log:

ComboFix 12-01-30.02 - Administrator 01/31/2012 18:34:15.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.940 [GMT -5:00]
Running from: c:\documents and settings\Amy\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET50.tmp
.
c:\windows\system32\attrib.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 05:29 . 2012-01-31 05:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-30 20:55 . 2012-01-30 20:55 45056 ----a-w- c:\windows\system32\aticalrt.dll
2012-01-30 20:55 . 2012-01-30 20:55 45056 ----a-w- c:\windows\system32\aticalcl.dll
2012-01-30 20:55 . 2012-01-30 20:55 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2012-01-30 20:55 . 2012-01-30 20:55 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2012-01-30 20:37 . 2012-01-30 20:37 -------- d-----w- c:\documents and settings\All Users\Uniblue
2012-01-30 18:28 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-30 18:28 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-30 18:28 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-30 18:28 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-30 18:28 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-30 18:28 . 2011-12-21 07:24 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-01-30 07:35 . 2012-01-30 07:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-30 07:29 . 2012-01-30 07:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-30 07:00 . 2012-01-30 07:00 -------- d-----w- c:\program files\Foxit Software
2012-01-30 05:45 . 2012-01-30 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-30 05:45 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 05:45 . 2012-01-30 23:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 05:24 . 2012-01-30 05:24 -------- d-----w- c:\program files\Panda Security
2012-01-30 05:24 . 2012-01-30 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-01-30 01:46 . 2012-01-30 01:47 -------- d-----w- C:\temp
2012-01-30 01:41 . 2012-01-30 18:24 -------- d-----w- C:\Program Installers
2012-01-29 23:08 . 2012-01-29 23:09 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 07:27 . 2010-05-24 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-21 07:24 . 2012-01-30 18:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Walgreens PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Walgreens PictureMover.lnk
backup=c:\windows\pss\Walgreens PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-26 01:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
2004-12-09 08:51 3895296 ----a-w- c:\program files\Audio Deck\EnMixCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 09:42 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"MyFunCardsbarService"=2 (0x2)
"KodakCCS"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"SeaPort"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 1:57 PM 129992]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2010 6:27 AM 84319]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/30/2012 12:45 AM 652360]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 1:58 PM 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [8/1/2011 6:23 AM 143752]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 1:57 PM 97096]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 1:57 PM 111688]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 1:57 PM 112456]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2010 6:27 AM 5318]
S3 ATI_WDMAUD;ATI Integrated Digital Audio;c:\windows\system32\drivers\atiwdma.sys [4/26/2010 1:47 PM 101408]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [4/26/2010 2:23 PM 577664]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [4/24/2010 8:52 PM 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/30/2012 12:45 AM 20464]
S3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [5/29/2010 7:44 PM 72704]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe
AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 18:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-31 18:49:32
ComboFix-quarantined-files.txt 2012-01-31 23:49
.
Pre-Run: 5,151,186,944 bytes free
Post-Run: 5,198,528,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - ECCF5D3C3137446AA9D048995A1D0A9C

#6 Broni Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 12:26 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    attrib.exe
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 12:41 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:35 on 31/01/2012 by Amy
Administrator - Elevation successful

========== filefind ==========

Searching for "attrib.exe"
C:\WINDOWS\system32\attrib.exe --a---- 12288 bytes [12:42 14/04/2008] [12:42 14/04/2008] 7DD9541FA41BAD9D70C93F1C4147E8F4
C:\WINDOWS\system32\dllcache\attrib.exe --a--c- 12288 bytes [12:42 14/04/2008] [12:42 14/04/2008] E6D680494C812B82A15600FD23C94424

-= EOF =-
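The comparison the helper made by eye above (two copies of attrib.exe with identical size and timestamps but different MD5s, after ComboFix had already flagged the system32 copy as infected) can be scripted. The following is an added example, not part of SystemLook, ComboFix or this post: it parses the filefind section of a SystemLook log and pairs each live system file with its dllcache copy. The sample input is the log posted above, embedded as constructed text; the verdict wording is my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: the filefind result lines from the SystemLook log posted
# above, embedded as constructed text so the script runs offline.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff

========== filefind ==========

Searching for "attrib.exe"
C:\WINDOWS\system32\attrib.exe --a---- 12288 bytes [12:42 14/04/2008] [12:42 14/04/2008] 7DD9541FA41BAD9D70C93F1C4147E8F4
C:\WINDOWS\system32\dllcache\attrib.exe --a--c- 12288 bytes [12:42 14/04/2008] [12:42 14/04/2008] E6D680494C812B82A15600FD23C94424

-= EOF =-
"""

# One filefind result line:
#   <path> <attribute flags> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    attrs: str
    size: int
    modified: str
    created: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_dllcache(self) -> bool:
        return "\\dllcache\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    live: FileEntry
    cached: FileEntry

    @property
    def hash_matches(self) -> bool:
        return self.live.md5 == self.cached.md5

    @property
    def metadata_matches(self) -> bool:
        # Same size and the same two timestamps as the dllcache copy.
        a, b = self.live, self.cached
        return (a.size, a.modified, a.created) == (b.size, b.modified, b.created)

    @property
    def verdict(self) -> str:
        if self.hash_matches:
            return "OK: live copy is byte-identical to its dllcache copy"
        if self.metadata_matches:
            # A swapped binary often keeps the original's size and timestamps
            # so that a casual directory listing looks normal.
            return "SUSPICIOUS: same size and timestamps as dllcache copy, different MD5"
        # A hotfix can update system32 without touching dllcache, so a bare
        # mismatch is a lead to check the file version, not proof of tampering.
        return "MISMATCH: differs from dllcache copy; check the file version"


def parse_filefind(log_text: str) -> list[FileEntry]:
    """Return every result line found in the filefind section of the log."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "filefind" in line
            continue
        m = LINE_RE.match(line) if in_section else None
        if m:
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"]),
                                     m["modified"], m["created"], m["md5"].upper()))
    return entries


def compare_with_dllcache(entries: list[FileEntry]) -> list[Finding]:
    """Pair each live file with the dllcache copy of the same file name."""
    cached = {e.name: e for e in entries if e.in_dllcache}
    return [Finding(e, cached[e.name])
            for e in entries if not e.in_dllcache and e.name in cached]


if __name__ == "__main__":
    for f in compare_with_dllcache(parse_filefind(SAMPLE_LOG)):
        print(f"{f.live.path}: {f.verdict}")
```

On the log above the script reports the system32 copy as SUSPICIOUS, which is the same conclusion that led to the FCopy from dllcache in the next post.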

#8 Broni Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 12:59 AM

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\WINDOWS\system32\dllcache\attrib.exe | C:\WINDOWS\system32\attrib.exe

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


#9 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 02:18 AM

ComboFix 12-01-31.01 - Administrator 01/31/2012 20:44:30.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.939 [GMT -5:00]
Running from: c:\documents and settings\Amy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amy\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\attrib.exe --> c:\windows\system32\attrib.exe
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 00:39 . 2012-02-01 00:39 -------- d-----w- c:\windows\LastGood.Tmp
2012-01-31 05:29 . 2012-01-31 05:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-30 20:55 . 2012-01-30 20:55 45056 ----a-w- c:\windows\system32\aticalrt.dll
2012-01-30 20:55 . 2012-01-30 20:55 45056 ----a-w- c:\windows\system32\aticalcl.dll
2012-01-30 20:55 . 2012-01-30 20:55 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2012-01-30 20:55 . 2012-01-30 20:55 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2012-01-30 20:37 . 2012-01-30 20:37 -------- d-----w- c:\documents and settings\All Users\Uniblue
2012-01-30 18:28 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-30 18:28 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-30 18:28 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-30 18:28 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-30 18:28 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-30 18:28 . 2011-12-21 07:24 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-01-30 07:35 . 2012-01-30 07:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-30 07:29 . 2012-01-30 07:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-30 07:00 . 2012-01-30 07:00 -------- d-----w- c:\program files\Foxit Software
2012-01-30 05:45 . 2012-01-30 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-30 05:45 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 05:45 . 2012-01-30 23:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 05:24 . 2012-01-30 05:24 -------- d-----w- c:\program files\Panda Security
2012-01-30 05:24 . 2012-01-30 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-01-30 01:46 . 2012-01-30 01:47 -------- d-----w- C:\temp
2012-01-30 01:41 . 2012-01-30 18:24 -------- d-----w- C:\Program Installers
2012-01-29 23:08 . 2012-01-29 23:09 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 07:27 . 2010-05-24 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-21 07:24 . 2012-01-30 18:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_23.46.14 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Walgreens PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Walgreens PictureMover.lnk
backup=c:\windows\pss\Walgreens PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-26 01:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
2004-12-09 08:51 3895296 ----a-w- c:\program files\Audio Deck\EnMixCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 09:42 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"MyFunCardsbarService"=2 (0x2)
"KodakCCS"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"SeaPort"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 1:57 PM 129992]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2010 6:27 AM 84319]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/30/2012 12:45 AM 652360]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 1:58 PM 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [8/1/2011 6:23 AM 143752]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 1:57 PM 97096]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 1:57 PM 111688]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 1:57 PM 112456]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2010 6:27 AM 5318]
S3 ATI_WDMAUD;ATI Integrated Digital Audio;c:\windows\system32\drivers\atiwdma.sys [4/26/2010 1:47 PM 101408]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [4/26/2010 2:23 PM 577664]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [4/24/2010 8:52 PM 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/30/2012 12:45 AM 20464]
S3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [5/29/2010 7:44 PM 72704]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(396)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2012-01-31 20:57:51
ComboFix-quarantined-files.txt 2012-02-01 01:57
ComboFix2.txt 2012-01-31 23:49
.
Pre-Run: 5,178,327,040 bytes free
Post-Run: 5,158,576,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 78DE674828B1BE6A2C9652B6A55FDCCE

#10 Broni Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 02:20 AM

Good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#11 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 04:46 PM

Well, the OTL scan took almost 3 hours; it was still scanning when I went to bed. I woke up and it seems the system has rebooted, as it was sitting on the Windows login screen. I did not get any logs from the OTL scan. Should I try again? The system is still running very slow.

#12 Broni Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 04:49 PM

Yeah, go ahead and redo.

#13 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 05:18 PM

It is taking a long time to scan, should I try it in safe mode?

#14 Broni Re: [Inactive] working with another dirty win xp desktop

Posted 01 February 2012 - 05:21 PM

The results won't be the same.
Try to disable your AV program.

#15 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop


Posted 01 February 2012 - 06:12 PM

OK, I disabled that but it's still taking a long time. I will let it scan and see if it produces the logs.

#16 Broni Re: [Inactive] working with another dirty win xp desktop


Posted 01 February 2012 - 06:19 PM

Let me know if it gets stuck on any particular item.
Eventually run it without custom script.

#17 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop


Posted 01 February 2012 - 06:34 PM

It is stuck on,

Scanning Modules...

#18 Broni Re: [Inactive] working with another dirty win xp desktop


Posted 01 February 2012 - 06:42 PM

Try to run it without custom script.

If still stuck run it from safe mode.

#19 ProblemsRBad Re: [Inactive] working with another dirty win xp desktop


Posted 01 February 2012 - 09:33 PM

OK, I scanned in safe mode without using the custom script. It ran much faster; here's the log.

OTL logfile created on: 2/1/2012 4:21:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Amy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 82.65% Memory free
1.94 Gb Paging File | 1.88 Gb Available in Paging File | 96.92% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 4.59 Gb Free Space | 24.64% Space Free | Partition Type: NTFS

Computer Name: ---------- | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 21:26:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy\Desktop\OTL.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 12:12:43 | 000,143,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:57 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:38 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/11 11:34:22 | 003,225,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/19 08:09:10 | 000,072,704 | ---- | M] (Point Grey Research) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HS3dSensor1394.sys -- (PGR1394b)
DRV - [2007/12/14 08:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/10/12 08:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/07/12 10:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/12/04 16:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/06/14 10:10:14 | 000,084,319 | ---- | M] (ULi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/03/17 10:33:04 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2004/11/25 21:55:18 | 000,577,664 | R--- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2004/07/27 08:12:00 | 000,101,408 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atiwdma.sys -- (ATI_WDMAUD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-492894223-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 13:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 12:51:15 | 000,000,000 | ---D | M]

[2012/01/30 13:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/30 02:27:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/04 16:33:05 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/31 18:46:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-492894223-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-492894223-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-492894223-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-492894223-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00E9C374-78A8-43BE-AC37-44BDE226E44F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/22 15:40:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 14:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2012/01/31 20:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/31 20:42:38 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/01/31 18:25:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/31 18:25:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/31 18:25:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/31 18:25:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/31 18:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/31 18:23:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/01/31 18:23:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/01/31 18:23:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/01/31 18:23:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/01/31 17:56:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 17:21:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/01/31 00:29:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/01/30 15:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2012/01/30 02:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/30 02:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/01/30 02:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/01/30 00:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/30 00:45:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/30 00:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 00:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/01/30 00:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/01/29 20:46:20 | 000,000,000 | ---D | C] -- C:\temp
[2012/01/29 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Installers
[2012/01/29 18:09:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/01/29 18:08:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/01/29 18:08:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/01/29 18:08:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/01/29 18:08:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/01/29 18:08:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/01/29 18:08:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/01/29 18:08:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/01/29 18:08:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/01/29 18:08:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/01/29 18:08:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/01/29 18:08:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/01/29 18:08:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/01/29 18:08:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/01/29 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/01/29 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/01/29 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/01/29 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/01/29 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/01/29 18:08:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/26 14:23:09 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2010/04/26 14:23:07 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 16:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/01 14:50:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2012/02/01 03:05:55 | 000,000,575 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/31 18:46:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/30 18:29:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 15:55:08 | 000,152,496 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/30 13:29:34 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/30 02:00:46 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/01/29 23:28:30 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2012/01/29 16:33:54 | 000,393,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/29 16:33:54 | 000,059,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/28 22:41:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 14:50:14 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2012/01/31 18:30:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2012/01/31 18:25:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/31 18:25:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/31 18:25:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/31 18:25:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/31 18:25:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/30 15:55:08 | 000,152,496 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/30 02:00:46 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/01/30 00:45:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/29 18:08:54 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/01/29 18:08:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/08/26 17:38:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2011/05/09 20:42:24 | 000,112,847 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2011/05/09 20:42:24 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/05/20 23:59:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/05/07 20:37:19 | 000,111,960 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/05/07 20:37:19 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/04/26 14:22:51 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2010/04/26 14:10:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/04/26 14:08:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/04/24 22:27:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/23 06:47:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/22 15:43:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 15:36:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/22 08:29:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/22 08:28:16 | 000,094,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/11 08:38:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/11 08:38:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 08:38:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/11 04:50:18 | 000,174,819 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/04/14 07:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 09:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,393,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,059,468 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/24 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/04/01 10:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jCg24512gBkMh24512
[2010/06/24 17:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/06/24 17:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2012/01/30 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/29 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PictureMover
[2011/05/29 11:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens PictureMover
[2010/04/28 11:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\MSNInstaller
[2011/05/29 13:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\PictureMover
[2011/03/01 14:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\SecondLife
[2010/05/30 23:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chels\Application Data\FCSB000062215
[2011/05/31 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chels\Application Data\PictureMover
[2011/07/01 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lexie\Application Data\PictureMover

========== Purity Check ==========



< End of report >


=======================================================================================


OTL Extras logfile created on: 2/1/2012 4:21:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Amy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 82.65% Memory free
1.94 Gb Paging File | 1.88 Gb Available in Paging File | 96.92% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 4.59 Gb Free Space | 24.64% Space Free | Partition Type: NTFS

Computer Name: ---------- | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{113DE59D-B57A-4075-9D4F-5803DFA69EB7}" = Walgreens PictureMover
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Combat Arms" = Combat Arms
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"Foxit Reader_is1" = Foxit Reader 5.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2011 8:18:29 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 8/29/2011 3:09:21 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.18702, fault address 0x0001fd06.

Error - 8/29/2011 3:15:42 PM | Computer Name = ---------- | Source = .NET Runtime | ID = 0
Description =

Error - 8/29/2011 4:13:49 PM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.0.4240, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2012 7:55:30 PM | Computer Name = ---------- | Source = Windows Product Activation | ID = 1000
Description = An error occurred while the wizard was checking the current Windows
product license. Error Code: 0x80070002

Error - 1/30/2012 1:48:57 AM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x33c7e26d.

Error - 1/31/2012 2:34:13 AM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application ssflwbox.scr, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/31/2012 4:56:22 PM | Computer Name = ---------- | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/31/2012 4:56:22 PM | Computer Name = ---------- | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/31/2012 9:45:53 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

[ System Events ]
Error - 1/31/2012 9:58:26 PM | Computer Name = ---------- | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/31/2012 9:58:41 PM | Computer Name = ---------- | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/31/2012 10:06:04 PM | Computer Name = ---------- | Source = Service Control Manager | ID = 7022
Description = The Panda Cloud Antivirus Service service hung on starting.

Error - 1/31/2012 10:07:06 PM | Computer Name = ---------- | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/31/2012 10:07:06 PM | Computer Name = ---------- | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/1/2012 4:32:14 AM | Computer Name = ---------- | Source = Service Control Manager | ID = 7022
Description = The Panda Cloud Antivirus Service service hung on starting.

Error - 2/1/2012 1:52:34 PM | Computer Name = ---------- | Source = Service Control Manager | ID = 7022
Description = The Panda Cloud Antivirus Service service hung on starting.

Error - 2/1/2012 5:02:14 PM | Computer Name = ---------- | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Fips PSINKNC

Error - 2/1/2012 5:02:24 PM | Computer Name = ---------- | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/1/2012 5:15:20 PM | Computer Name = ---------- | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#20 Broni Re: [Inactive] working with another dirty win xp desktop

    Malware Annihilator


Posted 01 February 2012 - 10:14 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll File not found
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
    O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/04/01 10:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jCg24512gBkMh24512
    [2010/05/30 23:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chels\Application Data\FCSB000062215
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
