Help needed with system check malware removal


Post by pbellert » January 22nd, 2012, 1:31 pm

After 48 hours of hard work it looks like I finally got rid of system check malware. I've recovered all of my files, but have a question - how can I be sure my computer is now operating correctly? I'm not a pro, so any advice would be greatly appreciated. Thanks.

Run by user1 at 11:14:50 on 2012-01-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2367 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [FpNsnrTURn.exe] c:\documents and settings\all users\application data\FpNsnrTURn.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4987462097
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2C1EC29-71D3-4FEB-AA78-8DB19617A5E6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user1\application data\mozilla\firefox\profiles\voxj3y0k.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-21 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-21 20464]
S1 aesjthxt;aesjthxt;\??\c:\windows\system32\drivers\aesjthxt.sys --> c:\windows\system32\drivers\aesjthxt.sys [?]
S2 6;6;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
.
=============== Created Last 30 ================
.
2012-01-22 17:03:44 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5c6bfb7-ec18-43a5-8662-d737bc252eb8}\offreg.dll
2012-01-22 15:52:28 -------- d-----w- c:\program files\AVAST Software
2012-01-22 15:52:28 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-21 21:47:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 21:47:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 21:10:22 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5c6bfb7-ec18-43a5-8662-d737bc252eb8}\mpengine.dll
2012-01-21 21:02:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-21 20:43:20 100848 ----a-w- c:\documents and settings\all users\application data\1327178440.bdinstall.bin
2012-01-21 20:40:39 30062 ----a-w- c:\documents and settings\all users\application data\1327178438.bdinstall.bin
2012-01-21 20:32:03 270633 ----a-w- c:\documents and settings\all users\application data\1327177343.bdinstall.bin
2012-01-21 19:38:29 -------- d-----w- c:\documents and settings\user1\application data\QuickScan
2012-01-21 19:38:08 1670 ----a-w- c:\documents and settings\all users\application data\1327174600.1200.bin
2012-01-21 19:37:16 5092 ----a-w- c:\documents and settings\all users\application data\1327174600.1892.bin
2012-01-21 19:37:16 32305 ----a-w- c:\documents and settings\all users\application data\1327174600.3064.bin
2012-01-21 19:37:16 -------- d-----w- c:\program files\Bitdefender
2012-01-21 19:36:54 1698 ----a-w- c:\documents and settings\all users\application data\1327174600.3280.bin
2012-01-21 19:36:46 9583 ----a-w- c:\documents and settings\all users\application data\1327174600.988.bin
2012-01-21 19:36:46 5467 ----a-w- c:\documents and settings\all users\application data\1327174600.468.bin
2012-01-21 19:36:40 46859 ----a-w- c:\documents and settings\all users\application data\1327174600.1324.bin
2012-01-21 19:36:40 288137 ----a-w- c:\documents and settings\all users\application data\1327174600.2988.bin
2012-01-21 19:36:40 11235 ----a-w- c:\documents and settings\all users\application data\1327174600.3236.bin
2012-01-21 19:35:08 -------- d-----w- c:\program files\common files\Bitdefender
2012-01-21 06:24:44 -------- d-----w- c:\documents and settings\user1\application data\Malwarebytes
2012-01-21 06:24:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-21 05:54:44 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-21 05:36:07 -------- d-----w- c:\program files\PC Tools Security
2012-01-21 05:36:07 -------- d-----w- c:\program files\common files\PC Tools
2012-01-21 05:31:27 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-01-07 20:00:35 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 20:00:35 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 20:00:35 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 20:00:34 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
.
==================== Find3M ====================
.
2012-01-22 17:03:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-22 17:03:35 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-21 23:05:44 64128 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2012-01-21 06:04:14 58288 ------w- c:\windows\system32\rpcnet.exe
2011-12-19 09:02:35 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-19 09:02:33 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-12-19 09:02:33 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-10 15:56:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-10 15:56:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-28 23:34:00 446160 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 19:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 01:20:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 11:15:33.84 ===============


Below is the second log requested.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2007 7:50:45 AM
System Uptime: 1/22/2012 11:02:45 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 125.184 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP129: 10/24/2011 10:20:18 AM - System Checkpoint
RP130: 10/24/2011 5:41:34 PM - Software Distribution Service 3.0
RP131: 10/25/2011 7:08:29 PM - Software Distribution Service 3.0
RP132: 10/26/2011 8:04:29 PM - System Checkpoint
RP133: 10/26/2011 10:10:31 PM - Software Distribution Service 3.0
RP134: 10/28/2011 7:50:11 AM - Software Distribution Service 3.0
RP135: 10/29/2011 8:00:55 AM - System Checkpoint
RP136: 10/29/2011 4:15:49 PM - Software Distribution Service 3.0
RP137: 10/30/2011 8:17:10 PM - Software Distribution Service 3.0
RP138: 10/31/2011 8:42:54 PM - System Checkpoint
RP139: 11/1/2011 7:45:47 AM - Software Distribution Service 3.0
RP140: 11/2/2011 8:35:57 AM - Software Distribution Service 3.0
RP141: 11/3/2011 9:11:56 AM - Software Distribution Service 3.0
RP142: 11/4/2011 9:32:44 AM - System Checkpoint
RP143: 11/4/2011 3:33:24 PM - Software Distribution Service 3.0
RP144: 11/5/2011 3:39:22 PM - Software Distribution Service 3.0
RP145: 11/6/2011 2:56:12 PM - System Checkpoint
RP146: 11/6/2011 5:28:45 PM - Software Distribution Service 3.0
RP147: 11/7/2011 6:40:34 PM - Software Distribution Service 3.0
RP148: 11/8/2011 7:47:49 PM - Software Distribution Service 3.0
RP149: 11/9/2011 7:40:04 AM - Software Distribution Service 3.0
RP150: 11/10/2011 8:55:17 AM - Software Distribution Service 3.0
RP151: 11/11/2011 7:46:02 AM - Software Distribution Service 3.0
RP152: 11/11/2011 9:16:45 AM - Software Distribution Service 3.0
RP153: 11/12/2011 1:04:29 PM - Software Distribution Service 3.0
RP154: 11/13/2011 1:20:20 PM - Software Distribution Service 3.0
RP155: 11/14/2011 2:46:46 PM - System Checkpoint
RP156: 11/14/2011 7:28:11 PM - Software Distribution Service 3.0
RP157: 11/15/2011 7:48:08 PM - System Checkpoint
RP158: 11/16/2011 4:05:29 AM - Software Distribution Service 3.0
RP159: 11/21/2011 4:45:29 PM - System Checkpoint
RP160: 11/21/2011 8:22:50 PM - Software Distribution Service 3.0
RP161: 11/23/2011 7:08:38 AM - Software Distribution Service 3.0
RP162: 11/24/2011 11:12:10 AM - Software Distribution Service 3.0
RP163: 11/25/2011 11:40:41 AM - System Checkpoint
RP164: 11/25/2011 3:37:16 PM - Software Distribution Service 3.0
RP165: 11/26/2011 6:14:14 PM - Software Distribution Service 3.0
RP166: 11/27/2011 6:48:34 PM - System Checkpoint
RP167: 11/28/2011 7:53:33 AM - Software Distribution Service 3.0
RP168: 11/29/2011 8:55:10 AM - Software Distribution Service 3.0
RP169: 11/30/2011 12:24:06 PM - Software Distribution Service 3.0
RP170: 12/1/2011 5:14:39 PM - Software Distribution Service 3.0
RP171: 12/3/2011 12:55:28 AM - Software Distribution Service 3.0
RP172: 12/4/2011 8:44:02 AM - Software Distribution Service 3.0
RP173: 12/5/2011 9:34:01 AM - Software Distribution Service 3.0
RP174: 12/6/2011 9:40:52 AM - System Checkpoint
RP175: 12/6/2011 6:03:37 PM - Software Distribution Service 3.0
RP176: 12/7/2011 8:32:40 PM - Software Distribution Service 3.0
RP177: 12/9/2011 8:57:14 AM - Software Distribution Service 3.0
RP178: 12/10/2011 9:28:07 AM - Software Distribution Service 3.0
RP179: 12/11/2011 10:20:02 AM - System Checkpoint
RP180: 12/11/2011 8:11:07 PM - Software Distribution Service 3.0
RP181: 12/12/2011 10:15:02 PM - Software Distribution Service 3.0
RP182: 12/13/2011 12:29:07 AM - Removed Skype™ 5.5
RP183: 12/14/2011 1:11:15 PM - Software Distribution Service 3.0
RP184: 12/15/2011 12:44:05 PM - Software Distribution Service 3.0
RP185: 12/16/2011 3:12:08 AM - Software Distribution Service 3.0
RP186: 12/17/2011 4:51:56 AM - Software Distribution Service 3.0
RP187: 12/19/2011 3:02:59 AM - Installed Windows XP Wdf01007.
RP188: 12/19/2011 3:17:14 AM - Software Distribution Service 3.0
RP189: 12/20/2011 8:41:17 AM - Software Distribution Service 3.0
RP190: 12/21/2011 10:14:29 AM - System Checkpoint
RP191: 12/21/2011 3:30:30 PM - Software Distribution Service 3.0
RP192: 12/22/2011 4:06:07 PM - System Checkpoint
RP193: 12/23/2011 2:33:42 AM - Software Distribution Service 3.0
RP194: 12/24/2011 2:44:41 AM - Software Distribution Service 3.0
RP195: 12/25/2011 4:40:17 PM - Software Distribution Service 3.0
RP196: 12/26/2011 10:52:04 PM - Software Distribution Service 3.0
RP197: 12/28/2011 2:20:45 AM - Software Distribution Service 3.0
RP198: 12/29/2011 3:21:59 AM - Software Distribution Service 3.0
RP199: 12/30/2011 4:00:18 AM - System Checkpoint
RP200: 12/30/2011 10:36:12 AM - Software Distribution Service 3.0
RP201: 12/31/2011 11:02:44 AM - Software Distribution Service 3.0
RP202: 1/1/2012 4:05:11 PM - System Checkpoint
RP203: 1/2/2012 1:32:54 AM - Software Distribution Service 3.0
RP204: 1/3/2012 8:45:33 AM - Software Distribution Service 3.0
RP205: 1/4/2012 4:23:20 PM - Software Distribution Service 3.0
RP206: 1/6/2012 2:40:39 AM - Software Distribution Service 3.0
RP207: 1/7/2012 4:36:56 AM - Software Distribution Service 3.0
RP208: 1/8/2012 7:05:09 AM - Software Distribution Service 3.0
RP209: 1/9/2012 8:35:17 AM - Software Distribution Service 3.0
RP210: 1/10/2012 10:04:58 AM - Software Distribution Service 3.0
RP211: 1/11/2012 4:45:32 AM - Software Distribution Service 3.0
RP212: 1/12/2012 10:29:50 AM - Software Distribution Service 3.0
RP213: 1/13/2012 11:49:46 AM - System Checkpoint
RP214: 1/13/2012 7:34:33 PM - Software Distribution Service 3.0
RP215: 1/14/2012 7:52:25 PM - System Checkpoint
RP216: 1/15/2012 7:40:08 AM - Software Distribution Service 3.0
RP217: 1/16/2012 8:05:23 AM - Software Distribution Service 3.0
RP218: 1/17/2012 9:38:47 AM - Software Distribution Service 3.0
RP219: 1/18/2012 9:54:49 AM - System Checkpoint
RP220: 1/18/2012 11:18:09 AM - Software Distribution Service 3.0
RP221: 1/18/2012 6:24:31 PM - Software Distribution Service 3.0
RP222: 1/19/2012 6:35:05 PM - Software Distribution Service 3.0
RP223: 1/20/2012 6:55:17 PM - Software Distribution Service 3.0
RP224: 1/21/2012 2:29:32 PM - Installed Windows XP Wdf01009.
RP225: 1/21/2012 2:53:47 PM - Software Distribution Service 3.0
RP226: 1/21/2012 3:10:05 PM - Software Distribution Service 3.0
RP227: 1/22/2012 9:52:28 AM - avast! Free Antivirus Setup
RP228: 1/22/2012 11:01:28 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
ArcSoft PhotoStudio 5.5
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DVD Region+CSS Free 5.9.2.0
ffdshow v1.1.3611 [2010-10-06]
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
OZ776 SCR CardBus Windows Driver
OZ776 SCR Driver V1.1.4.202
PC Connectivity Solution Lite
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype™ 5.5
Sonic RecordNow! Plus
TouchChip USB Driver 2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 4:56:38 PM, error: Service Control Manager [7023] - The 6 service terminated with the following error: The specified module could not be found.
1/21/2012 2:45:01 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the file specified.
1/21/2012 2:29:57 PM, error: Service Control Manager [7000] - The bdsandbox service failed to start due to the following error: The specified procedure could not be found.
1/21/2012 12:49:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/20/2012 7:35:44 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2012 11:54:13 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/20/2012 11:31:00 PM, error: Service Control Manager [7023] - The 6 service terminated with the following error: The specified procedure could not be found.
1/20/2012 11:31:00 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/20/2012 11:29:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2012 11:27:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter Tosrfcom
1/20/2012 11:11:20 PM, error: System Error [1003] - Error code 000000ea, parameter1 8acd6680, parameter2 8ab65008, parameter3 8a9177b0, parameter4 00000001.
1/20/2012 11:10:11 PM, error: System Error [1003] - Error code 000000ea, parameter1 88d0c020, parameter2 8ab2ab38, parameter3 8ab1a7d0, parameter4 00000001.
1/18/2012 8:40:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Multimedia mobilNET. OUC service to connect.
1/18/2012 8:40:36 AM, error: Service Control Manager [7000] - The Multimedia mobilNET. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 23rd, 2012, 6:47 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 9.4.6
Java(TM) 6 Update 22


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Unread postby pbellert » January 24th, 2012, 12:36 am

I ran the scan with OTL. Everything seems to be working just fine.

1st log - OTL.txt

OTL logfile created on: 1/23/2012 10:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.14% Memory free
4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.06 Gb Free Space | 83.91% Space Free | Partition Type: NTFS

Computer Name: D6G2KCZ | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Sigmatel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()


========== Win32 Services (SafeList) ==========

SRV - (6) -- File not found
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (STacSV) -- C:\Program Files\Sigmatel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 09:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 14:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/13 20:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/08/13 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/07 14:00:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 21:44:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O4 - HKLM..\Run: [FpNsnrTURn.exe] C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4987462097 (WUWebControl Class)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2C1EC29-71D3-4FEB-AA78-8DB19617A5E6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/16 06:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5368ee33-2a20-11e1-94dc-001b77b16f55}\Shell - "" = AutoRun
O33 - MountPoints2\{5368ee33-2a20-11e1-94dc-001b77b16f55}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5368ee33-2a20-11e1-94dc-001b77b16f55}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{70fbc652-2a90-11e1-94df-001a6b89f9d3}\Shell - "" = AutoRun
O33 - MountPoints2\{70fbc652-2a90-11e1-94df-001a6b89f9d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{70fbc652-2a90-11e1-94df-001a6b89f9d3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a5a8c54-29c3-11e1-94db-001a6b89f9d3}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5a8c54-29c3-11e1-94db-001a6b89f9d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a5a8c54-29c3-11e1-94db-001a6b89f9d3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b57a1e34-d115-11e0-9385-001a6b89f9d3}\Shell - "" = AutoRun
O33 - MountPoints2\{b57a1e34-d115-11e0-9385-001a6b89f9d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b57a1e34-d115-11e0-9385-001a6b89f9d3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ddf634e2-e18b-11e0-93ca-001a6b89f9d3}\Shell - "" = AutoRun
O33 - MountPoints2\{ddf634e2-e18b-11e0-93ca-001a6b89f9d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ddf634e2-e18b-11e0-93ca-001a6b89f9d3}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{fa04fadc-a8fd-11e0-815e-806d6172696f}\Shell\Option1\Command - "" = D:\HBCD\Wintools\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 22:24:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2012/01/23 22:23:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/22 11:14:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Administrative Tools
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 15:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 15:47:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/21 15:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 15:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/21 14:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/01/21 13:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\QuickScan
[2012/01/21 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/01/21 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/01/21 00:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Malwarebytes
[2012/01/21 00:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/20 23:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/20 23:54:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/01/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/20 23:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/20 21:12:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Recent
[2012/01/20 20:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/20 19:53:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/20 19:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/20 19:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/01/20 19:24:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/01/08 08:43:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/07 09:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Photos Warsaw Wedding
[2012/01/02 14:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Photos Norway
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 22:24:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2012/01/23 18:25:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/23 18:25:10 | 000,313,048 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/23 18:25:10 | 000,040,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/23 18:21:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/23 18:21:09 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2012/01/23 18:21:07 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2012/01/23 18:20:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
[2012/01/23 18:20:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/23 10:53:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/22 11:01:40 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/21 17:05:44 | 000,064,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\tosrfcom.sys
[2012/01/21 15:47:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 14:43:20 | 000,100,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178440.bdinstall.bin
[2012/01/21 14:40:39 | 000,030,062 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178438.bdinstall.bin
[2012/01/21 14:32:03 | 000,270,633 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327177343.bdinstall.bin
[2012/01/21 14:29:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/21 14:29:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/21 14:18:18 | 000,288,137 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.2988.bin
[2012/01/21 14:18:18 | 000,046,859 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1324.bin
[2012/01/21 13:57:47 | 000,011,235 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3236.bin
[2012/01/21 13:46:27 | 000,032,305 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3064.bin
[2012/01/21 13:43:40 | 000,005,467 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.468.bin
[2012/01/21 13:43:40 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1200.bin
[2012/01/21 13:38:08 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3280.bin
[2012/01/21 13:37:20 | 000,005,092 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1892.bin
[2012/01/21 13:36:54 | 000,009,583 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.988.bin
[2012/01/21 00:04:14 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2012/01/20 23:37:37 | 000,683,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/11 04:48:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/07 03:52:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
[2012/01/02 17:16:14 | 1799,647,387 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\NY with Bury Family.m4v
[2011/12/29 15:31:56 | 018,316,850 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Scans-Rzeszow-12-25-2009-Copy-jpg.zip
[2011/12/25 03:03:36 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 22:05:43 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/21 22:05:43 | 000,002,063 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow! Plus.lnk
[2012/01/21 22:05:43 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/21 22:05:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/21 22:05:43 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/21 22:05:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/21 22:05:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/21 22:05:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/01/21 22:05:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/21 22:05:41 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/21 22:05:41 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/01/21 22:05:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/21 22:05:41 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/21 22:05:41 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/21 21:50:42 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Internet Explorer.lnk
[2012/01/21 15:47:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 15:07:55 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/21 15:02:46 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/21 14:43:20 | 000,100,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327178440.bdinstall.bin
[2012/01/21 14:40:39 | 000,030,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327178438.bdinstall.bin
[2012/01/21 14:32:03 | 000,270,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327177343.bdinstall.bin
[2012/01/21 14:29:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/21 14:29:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/21 13:38:08 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1200.bin
[2012/01/21 13:37:16 | 000,032,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3064.bin
[2012/01/21 13:37:16 | 000,005,092 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1892.bin
[2012/01/21 13:36:54 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3280.bin
[2012/01/21 13:36:46 | 000,009,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.988.bin
[2012/01/21 13:36:46 | 000,005,467 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.468.bin
[2012/01/21 13:36:40 | 000,288,137 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.2988.bin
[2012/01/21 13:36:40 | 000,046,859 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1324.bin
[2012/01/21 13:36:40 | 000,011,235 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3236.bin
[2012/01/20 23:37:28 | 000,683,162 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/02 22:15:23 | 1799,647,387 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\NY with Bury Family.m4v
[2011/12/29 15:17:55 | 018,316,850 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Scans-Rzeszow-12-25-2009-Copy-jpg.zip
[2011/09/03 09:31:12 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/09/03 08:49:39 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/09/03 08:49:39 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2011/09/02 12:28:56 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 20:53:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/02 10:01:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/02 10:00:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2011/02/02 09:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011/01/12 15:37:49 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/01/12 15:03:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/19 11:33:01 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/03/19 11:32:45 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/03/16 07:28:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/03/16 06:50:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/16 06:44:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/15 12:18:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/15 12:17:02 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/21 17:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 17:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/09/22 13:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,313,048 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,040,912 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby pbellert » January 24th, 2012, 12:40 am

2nd log - Extra.txt

OTL Extras logfile created on: 1/23/2012 10:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.14% Memory free
4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.06 Gb Free Space | 83.91% Space Free | Partition Type: NTFS

Computer Name: D6G2KCZ | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2000478354-1935655697-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{52675D00-AD10-49F7-B129-BEA9FED1C610}" = Nokia Connectivity Cable Driver
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CC1ACF58-CD2D-4F36-9195-F13D13962E15}" = PC Connectivity Solution Lite
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.2.0
"ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 11:04:08 AM | Computer Name = D6G2KCZ | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module comctl32.dll, version 6.0.2900.6028, fault address 0x0004dbe4.

Error - 10/27/2011 11:18:40 AM | Computer Name = D6G2KCZ | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module comctl32.dll, version 6.0.2900.6028, fault address 0x00010e19.

Error - 11/20/2011 11:49:17 PM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/21/2011 6:37:42 PM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/30/2011 11:55:33 PM | Computer Name = D6G2KCZ | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module wiashext.dll, version 5.1.2600.5512, fault address 0x0000d3ff.

Error - 12/8/2011 11:03:31 PM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 12/9/2011 12:46:01 PM | Computer Name = D6G2KCZ | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module wiashext.dll, version 5.1.2600.5512, fault address 0x0000d3ff.

Error - 12/19/2011 5:00:23 AM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2011 5:07:28 AM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2011 11:01:31 AM | Computer Name = D6G2KCZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/22/2012 1:03:49 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/22/2012 1:03:49 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7023
Description = The 6 service terminated with the following error: %%126

Error - 1/22/2012 9:54:45 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/22/2012 9:54:45 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7023
Description = The 6 service terminated with the following error: %%126

Error - 1/23/2012 9:23:35 AM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/23/2012 9:23:35 AM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7023
Description = The 6 service terminated with the following error: %%126

Error - 1/23/2012 11:26:02 AM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/23/2012 11:26:02 AM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7023
Description = The 6 service terminated with the following error: %%126

Error - 1/23/2012 8:21:12 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/23/2012 8:21:12 PM | Computer Name = D6G2KCZ | Source = Service Control Manager | ID = 7023
Description = The 6 service terminated with the following error: %%126


< End of report >
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 24th, 2012, 7:02 am

Hi. :)

I ran the scan with OTL. Everything seems to be working just fine.
OK and thanks for the update, let's proceed as follows, shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK.
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe.

Temp Disable MBAM's Protection Module:

This is so it will not hinder the custom OTL script below; it will automatically start again after your machine is rebooted.

Right-click on the Malwarebytes Anti-Malware System Tray icon >> Enable Protection

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (6) -- File not found
IE - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
[2011/08/13 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O4 - HKLM..\Run: [FpNsnrTURn.exe] C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe File not found
O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/01/21 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/01/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/20 23:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/20 19:53:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/01/21 14:43:20 | 000,100,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178440.bdinstall.bin
[2012/01/21 14:40:39 | 000,030,062 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178438.bdinstall.bin
[2012/01/21 14:32:03 | 000,270,633 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327177343.bdinstall.bin
[2012/01/21 14:18:18 | 000,288,137 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.2988.bin
[2012/01/21 14:18:18 | 000,046,859 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1324.bin
[2012/01/21 13:57:47 | 000,011,235 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3236.bin
[2012/01/21 13:46:27 | 000,032,305 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3064.bin
[2012/01/21 13:43:40 | 000,005,467 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.468.bin
[2012/01/21 13:43:40 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1200.bin
[2012/01/21 13:38:08 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3280.bin
[2012/01/21 13:37:20 | 000,005,092 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1892.bin
[2012/01/21 13:36:54 | 000,009,583 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.988.bin
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 
C:\WINDOWS\system32\drivers\etc\hosts

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes the date/time the log was created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Post by pbellert » January 24th, 2012, 3:56 pm

Update: I created the registry backup, I temporarily disabled MBAM, but could not finish OTL Run Fix with Custom Script - I tried twice, let it run for about 1hr (I'm not sure how long it should take) and each time ended up with a "program not responding" message. I ran Malwarebytes quick scan (log below; while I was running it, Microsoft Security Essentials which was turned on detected and removed Exploit:Java/CVE-2011-3544.U).

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user1 :: D6G2KCZ [administrator]

Protection: Enabled

1/24/2012 1:26:10 PM
mbam-log-2012-01-24 (13-26-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197077
Time elapsed: 17 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
pbellert
Regular Member
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Post by Dakeyras » January 24th, 2012, 6:13 pm

Hi. :)

Microsoft Security Essentials which was turned on detected and removed Exploit:Java/CVE-2011-3544.U.
That is fine and not a problem as MSE is doing its job.

I temporarily disabled MBAM, but could not finish OTL Run Fix with Custom Script - I tried twice, let it run for about 1hr (I'm not sure how long it should take) and each time ended up with program not responding message.
OK, temporarily disable MBAM again if it is now active and use the modified custom OTL script below instead, please, as I suspect it was hanging on a missing service entry I had marked for removal...

Code:
:OTL
IE - HKU\S-1-5-21-2000478354-1935655697-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
[2011/08/13 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O4 - HKLM..\Run: [FpNsnrTURn.exe] C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe File not found
O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/22 09:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/01/21 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/01/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/20 23:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/20 19:53:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/01/21 14:43:20 | 000,100,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178440.bdinstall.bin
[2012/01/21 14:40:39 | 000,030,062 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327178438.bdinstall.bin
[2012/01/21 14:32:03 | 000,270,633 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327177343.bdinstall.bin
[2012/01/21 14:18:18 | 000,288,137 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.2988.bin
[2012/01/21 14:18:18 | 000,046,859 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1324.bin
[2012/01/21 13:57:47 | 000,011,235 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3236.bin
[2012/01/21 13:46:27 | 000,032,305 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3064.bin
[2012/01/21 13:43:40 | 000,005,467 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.468.bin
[2012/01/21 13:43:40 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1200.bin
[2012/01/21 13:38:08 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.3280.bin
[2012/01/21 13:37:20 | 000,005,092 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.1892.bin
[2012/01/21 13:36:54 | 000,009,583 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1327174600.988.bin
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 
C:\WINDOWS\system32\drivers\etc\hosts

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Post by pbellert » January 24th, 2012, 8:07 pm

This isn't working either. The hourglass is on, the "killing processes, do not interrupt" message is on; besides that, nothing else is happening.
pbellert
Regular Member
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Post by Dakeyras » January 25th, 2012, 5:52 am

Hi. :)

This isn't working either. Hourglass sign is on, killing processes, do not interrupt message is on, besides that, nothing else is happening.
Most unfortunate; as it stands, I can see no reason why this is still occurring. Though it may be due to malware, and your machine does appear to have had a problem with explorer.exe.
However, if not the aforementioned, such will happen with anyone's machine and something will just not work.

Did you have to perform a cold shut-down to stop OTL, and/or did you use Task Manager to do so?

Anyway, not to worry, we can work around this if need be. In the meantime please run the two scans below for me and post the resulting logs for my review, and also let me know how you stopped OTL. Then we will go from there, thank you.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with "The application can use the Avast! Free Antivirus for scanning" >> select No
  • Now click on the Scan button to start the scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

Scan With RKUnHooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished, and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Post by pbellert » January 25th, 2012, 12:08 pm

Hi, I had to do a cold shut-down. Once I hit OTL Run Fix, the task bar and desktop icons were gone.

Here is the first log:

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-25 07:36:02
-----------------------------
07:36:02.140 OS Version: Windows 5.1.2600 Service Pack 3
07:36:02.140 Number of processors: 2 586 0xF0A
07:36:02.140 ComputerName: D6G2KCZ UserName: user1
07:36:02.859 Initialize success
07:36:19.390 AVAST engine defs: 12012101
07:36:26.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:36:26.125 Disk 0 Vendor: WDC_WD1600BEVS-00VAT0 11.01A11 Size: 152627MB BusType: 3
07:36:26.140 Disk 0 MBR read successfully
07:36:26.140 Disk 0 MBR scan
07:36:26.218 Disk 0 Windows XP default MBR code
07:36:26.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
07:36:26.234 Disk 0 scanning sectors +312576705
07:36:26.312 Disk 0 scanning C:\WINDOWS\system32\drivers
07:36:48.531 Service scanning
07:36:48.890 Service MpKsl61a5b6a1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9A94460-79EB-44F4-9C03-90577AE6F693}\MpKsl61a5b6a1.sys **LOCKED** 32
07:36:49.562 Modules scanning
07:36:54.500 Disk 0 trace - called modules:
07:36:54.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
07:36:54.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad3b030]
07:36:54.546 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad43030]
07:36:55.046 AVAST engine scan C:\WINDOWS
07:37:12.250 AVAST engine scan C:\WINDOWS\system32
07:40:14.015 AVAST engine scan C:\WINDOWS\system32\drivers
07:40:34.593 AVAST engine scan C:\Documents and Settings\user1
07:44:40.328 AVAST engine scan C:\Documents and Settings\All Users
07:45:16.453 Scan finished successfully
07:45:55.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
07:45:55.375 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-25 09:22:09
-----------------------------
09:22:09.218 OS Version: Windows 5.1.2600 Service Pack 3
09:22:09.218 Number of processors: 2 586 0xF0A
09:22:09.218 ComputerName: D6G2KCZ UserName: user1
09:22:09.812 Initialize success
09:22:21.796 AVAST engine defs: 12012101
09:22:25.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:22:25.187 Disk 0 Vendor: WDC_WD1600BEVS-00VAT0 11.01A11 Size: 152627MB BusType: 3
09:22:25.218 Disk 0 MBR read successfully
09:22:25.218 Disk 0 MBR scan
09:22:25.296 Disk 0 Windows XP default MBR code
09:22:25.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
09:22:25.328 Disk 0 scanning sectors +312576705
09:22:25.406 Disk 0 scanning C:\WINDOWS\system32\drivers
09:22:56.687 Service scanning
09:22:57.296 Service MpKslb543c5d8 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9A94460-79EB-44F4-9C03-90577AE6F693}\MpKslb543c5d8.sys **LOCKED** 32
09:22:57.968 Modules scanning
09:23:02.734 Disk 0 trace - called modules:
09:23:02.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
09:23:02.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad3aab8]
09:23:02.765 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad88d98]
09:23:03.453 AVAST engine scan C:\WINDOWS
09:23:21.828 AVAST engine scan C:\WINDOWS\system32
09:26:47.734 AVAST engine scan C:\WINDOWS\system32\drivers
09:27:06.234 AVAST engine scan C:\Documents and Settings\user1
09:31:24.812 AVAST engine scan C:\Documents and Settings\All Users
09:32:01.453 Scan finished successfully
09:33:27.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
09:33:27.125 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"
pbellert
Regular Member
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Post by pbellert » January 25th, 2012, 12:08 pm

Second log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9775000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6279168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xB939E000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA8F4B000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xA8E01000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA8D4E000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E12000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8B8E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB91D2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8C73000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7ED4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA7B4B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA8EF3000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB92D0000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8044000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DE5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9373000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA77D8000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8BFE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9715000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8C4B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA8CFF000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA8B68000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8F27000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB973D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA77B5000 C:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xB9350000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8C29000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA8A7F000 C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 135168 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EDB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9DCB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA89DC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EFB000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EB2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9311000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA83E7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9761000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8CCC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA8A1C000 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 77824 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0xB9E9F000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9EC9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9300000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB92A0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0F8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9280000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xBA238000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA128000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA268000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA86D4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA308000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA108000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA794B000 C:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA7BEC000 C:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xBA228000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA791B000 C:\DOCUME~1\user1\LOCALS~1\Temp\aswMBR.sys 49152 bytes
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA198000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA298000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA2E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB9290000 C:\WINDOWS\System32\Drivers\tcusb.sys 40960 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA79DB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA7E6C000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA188000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB92C0000 C:\WINDOWS\System32\Drivers\tosrfbnp.sys 36864 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xBA430000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA450000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9A94460-79EB-44F4-9C03-90577AE6F693}\MpKslb543c5d8.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA478000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA420000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA340000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA428000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA490000 C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 20480 bytes (TOSHIBA Corporation., Bluetooth BNEP Driver)
0xBA4A8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA88C8000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xA8079000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9DA7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA884C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA8B40000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA8A73000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9171000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA8848000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA612000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA62E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA610000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA614000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA616000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA62C000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xBA5C6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6E9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7FC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7BB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1672]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->EC810004 [unknown_code_page]
[3276]firefox.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->51981CE2 [DVDShell.dll]
[3276]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->0125B750 [xul.dll]
[604]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[604]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[604]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[604]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->51981CE2 [DVDShell.dll]
[604]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[604]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[604]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[604]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[604]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
pbellert
Regular Member
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Post by Dakeyras » January 25th, 2012, 7:54 pm

Hi. :)

I had to do a cold shut-down
OK, and thank you for the clarification; we can address this and check your hard drive for any errors in due course.

Any particular reason you chose to run aswMBR twice with the actual Anti-Virus component selected? Not a problem, I will further add; merely curious as to why.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done...

If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new DDS Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Unread postby pbellert » January 26th, 2012, 1:57 am

Hi, regarding aswMBR - I ran it twice accidentally (could not locate the log the first time I ran it).
Everything seems to be working fine, there are no new symptoms and/or problems.

ComboFix log:

ComboFix 12-01-23.02 - user1 01/25/2012 23:29:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2638 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1327174600.3236.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB23771$
c:\windows\$NtUninstallKB23771$\131388990
c:\windows\$NtUninstallKB23771$\1818833074\@
c:\windows\$NtUninstallKB23771$\1818833074\bckfg.tmp
c:\windows\$NtUninstallKB23771$\1818833074\cfg.ini
c:\windows\$NtUninstallKB23771$\1818833074\Desktop.ini
c:\windows\$NtUninstallKB23771$\1818833074\keywords
c:\windows\$NtUninstallKB23771$\1818833074\kwrd.dll
c:\windows\$NtUninstallKB23771$\1818833074\L\nztaoluv
c:\windows\$NtUninstallKB23771$\1818833074\lsflt7.ver
c:\windows\$NtUninstallKB23771$\1818833074\U\00000001.@
c:\windows\$NtUninstallKB23771$\1818833074\U\00000002.@
c:\windows\$NtUninstallKB23771$\1818833074\U\00000004.@
c:\windows\$NtUninstallKB23771$\1818833074\U\80000000.@
c:\windows\$NtUninstallKB23771$\1818833074\U\80000004.@
c:\windows\$NtUninstallKB23771$\1818833074\U\80000032.@
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-25 20:51 . 2012-01-06 02:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB25D7CF-DCC4-4288-8911-546AF5780FEF}\mpengine.dll
2012-01-25 13:49 . 2012-01-25 13:49 -------- d-----w- c:\program files\File Type Assistant
2012-01-24 16:09 . 2012-01-24 16:09 -------- d-----w- C:\_OTL
2012-01-24 16:03 . 2012-01-24 16:04 -------- d-----w- c:\program files\ERUNT
2012-01-23 02:08 . 2012-01-06 02:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-22 15:52 . 2012-01-22 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-22 15:52 . 2012-01-22 15:52 -------- d-----w- c:\program files\AVAST Software
2012-01-21 21:47 . 2012-01-21 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 21:47 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 21:02 . 2012-01-21 21:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-21 20:43 . 2012-01-21 20:43 100848 ----a-w- c:\documents and settings\All Users\Application Data\1327178440.bdinstall.bin
2012-01-21 20:40 . 2012-01-21 20:40 30062 ----a-w- c:\documents and settings\All Users\Application Data\1327178438.bdinstall.bin
2012-01-21 20:32 . 2012-01-21 20:32 270633 ----a-w- c:\documents and settings\All Users\Application Data\1327177343.bdinstall.bin
2012-01-21 19:38 . 2012-01-21 19:38 -------- d-----w- c:\documents and settings\user1\Application Data\QuickScan
2012-01-21 19:38 . 2012-01-21 19:43 1670 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.1200.bin
2012-01-21 19:37 . 2012-01-21 20:44 -------- d-----w- c:\program files\Bitdefender
2012-01-21 19:37 . 2012-01-21 19:46 32305 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.3064.bin
2012-01-21 19:37 . 2012-01-21 19:37 5092 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.1892.bin
2012-01-21 19:36 . 2012-01-21 19:38 1698 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.3280.bin
2012-01-21 19:36 . 2012-01-21 19:43 5467 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.468.bin
2012-01-21 19:36 . 2012-01-21 19:36 9583 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.988.bin
2012-01-21 19:36 . 2012-01-21 20:18 46859 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.1324.bin
2012-01-21 19:36 . 2012-01-21 20:18 288137 ----a-w- c:\documents and settings\All Users\Application Data\1327174600.2988.bin
2012-01-21 19:35 . 2012-01-21 20:43 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-01-21 06:24 . 2012-01-21 06:24 -------- d-----w- c:\documents and settings\user1\Application Data\Malwarebytes
2012-01-21 06:24 . 2012-01-21 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-21 05:54 . 2012-01-21 05:54 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-21 05:36 . 2012-01-21 06:02 -------- d-----w- c:\program files\PC Tools Security
2012-01-21 05:36 . 2012-01-21 06:02 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-21 05:31 . 2012-01-21 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-21 01:28 . 2012-01-21 01:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-07 20:00 . 2012-01-07 20:00 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 20:00 . 2012-01-07 20:00 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 20:00 . 2012-01-07 20:00 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 20:00 . 2012-01-07 20:00 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 05:40 . 2009-03-19 17:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-26 05:40 . 2009-03-19 17:48 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-21 23:05 . 2011-02-02 15:11 64128 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2012-01-21 06:04 . 2009-03-19 17:48 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-04 09:26 . 2010-05-27 20:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 09:02 . 2005-05-13 23:27 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-19 09:02 . 2011-12-19 09:02 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-12-19 09:02 . 2011-12-19 09:02 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-10 15:56 . 2010-10-06 19:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-10 15:56 . 2010-10-06 19:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-28 23:34 . 2011-11-28 23:34 446160 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 19:59 . 2011-11-25 19:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 10:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 01:20 . 2011-08-14 02:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 10:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-07 20:00 . 2011-08-14 02:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-10 296056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-06-23 19:00 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-06-23 19:00 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2008-08-20 21:09 1191936 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2008-08-20 21:27 1368064 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 22:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-06-23 19:00 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 16:22 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2012 3:47 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2012 3:47 PM 20464]
S1 aesjthxt;aesjthxt;\??\c:\windows\system32\drivers\aesjthxt.sys --> c:\windows\system32\drivers\aesjthxt.sys [?]
S2 6;6;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 AM 14336]
S3 EE1ACEED;EE1ACEED;c:\windows\system32\EE1ACEED.exe --> c:\windows\system32\EE1ACEED.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\voxj3y0k.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Samsung Common SM - c:\windows\Samsung\ComSMMgr\ssmmgr.exe
HKLM-Run-FpNsnrTURn.exe - c:\documents and settings\All Users\Application Data\FpNsnrTURn.exe
SafeBoot-78844676.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\DOCUME~1\user1\LOCALS~1\Temp\6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-25 23:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-26 05:44
.
Pre-Run: 135,732,264,960 bytes free
Post-Run: 137,134,047,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9354CE89715FE0EB2DFEC7A463A933AF
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby pbellert » January 26th, 2012, 2:00 am

DDS logs:
1st:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user1 at 23:48:47 on 2012-01-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2340 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4987462097
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2C1EC29-71D3-4FEB-AA78-8DB19617A5E6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user1\application data\mozilla\firefox\profiles\voxj3y0k.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-21 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-21 20464]
S1 aesjthxt;aesjthxt;\??\c:\windows\system32\drivers\aesjthxt.sys --> c:\windows\system32\drivers\aesjthxt.sys [?]
S2 6;6;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 EE1ACEED;EE1ACEED;c:\windows\system32\ee1aceed.exe --> c:\windows\system32\EE1ACEED.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
.
=============== Created Last 30 ================
.
2012-01-26 05:22:12 -------- d-sha-r- C:\cmdcons
2012-01-26 05:20:00 98816 ----a-w- c:\windows\sed.exe
2012-01-26 05:20:00 518144 ----a-w- c:\windows\SWREG.exe
2012-01-26 05:20:00 256000 ----a-w- c:\windows\PEV.exe
2012-01-26 05:20:00 208896 ----a-w- c:\windows\MBR.exe
2012-01-25 20:51:32 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab25d7cf-dcc4-4288-8911-546af5780fef}\mpengine.dll
2012-01-25 13:49:21 -------- d-----w- c:\program files\File Type Assistant
2012-01-24 16:09:18 -------- d-----w- C:\_OTL
2012-01-23 02:08:09 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-22 15:52:28 -------- d-----w- c:\program files\AVAST Software
2012-01-22 15:52:28 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-21 21:47:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 21:47:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 21:02:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-21 20:43:20 100848 ----a-w- c:\documents and settings\all users\application data\1327178440.bdinstall.bin
2012-01-21 20:40:39 30062 ----a-w- c:\documents and settings\all users\application data\1327178438.bdinstall.bin
2012-01-21 20:32:03 270633 ----a-w- c:\documents and settings\all users\application data\1327177343.bdinstall.bin
2012-01-21 19:38:29 -------- d-----w- c:\documents and settings\user1\application data\QuickScan
2012-01-21 19:38:08 1670 ----a-w- c:\documents and settings\all users\application data\1327174600.1200.bin
2012-01-21 19:37:16 5092 ----a-w- c:\documents and settings\all users\application data\1327174600.1892.bin
2012-01-21 19:37:16 32305 ----a-w- c:\documents and settings\all users\application data\1327174600.3064.bin
2012-01-21 19:37:16 -------- d-----w- c:\program files\Bitdefender
2012-01-21 19:36:54 1698 ----a-w- c:\documents and settings\all users\application data\1327174600.3280.bin
2012-01-21 19:36:46 9583 ----a-w- c:\documents and settings\all users\application data\1327174600.988.bin
2012-01-21 19:36:46 5467 ----a-w- c:\documents and settings\all users\application data\1327174600.468.bin
2012-01-21 19:36:40 46859 ----a-w- c:\documents and settings\all users\application data\1327174600.1324.bin
2012-01-21 19:36:40 288137 ----a-w- c:\documents and settings\all users\application data\1327174600.2988.bin
2012-01-21 19:35:08 -------- d-----w- c:\program files\common files\Bitdefender
2012-01-21 06:24:44 -------- d-----w- c:\documents and settings\user1\application data\Malwarebytes
2012-01-21 06:24:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-21 05:54:44 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-21 05:36:07 -------- d-----w- c:\program files\PC Tools Security
2012-01-21 05:36:07 -------- d-----w- c:\program files\common files\PC Tools
2012-01-21 05:31:27 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-01-07 20:00:35 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 20:00:35 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 20:00:35 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 20:00:34 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
.
==================== Find3M ====================
.
2012-01-26 05:40:59 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-26 05:40:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-21 23:05:44 64128 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2012-01-21 06:04:14 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-04 09:26:22 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 09:02:35 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-19 09:02:33 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-12-19 09:02:33 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-10 15:56:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-10 15:56:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-28 23:34:00 446160 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 19:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 01:20:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 23:48:59.18 ===============


2nd log:
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby pbellert » January 26th, 2012, 2:02 am

Here is the 2nd DDS log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2007 7:50:45 AM
System Uptime: 1/25/2012 11:40:13 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 127.74 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 10/26/2011 10:10:31 PM - Software Distribution Service 3.0
RP134: 10/28/2011 7:50:11 AM - Software Distribution Service 3.0
RP135: 10/29/2011 8:00:55 AM - System Checkpoint
RP136: 10/29/2011 4:15:49 PM - Software Distribution Service 3.0
RP137: 10/30/2011 8:17:10 PM - Software Distribution Service 3.0
RP138: 10/31/2011 8:42:54 PM - System Checkpoint
RP139: 11/1/2011 7:45:47 AM - Software Distribution Service 3.0
RP140: 11/2/2011 8:35:57 AM - Software Distribution Service 3.0
RP141: 11/3/2011 9:11:56 AM - Software Distribution Service 3.0
RP142: 11/4/2011 9:32:44 AM - System Checkpoint
RP143: 11/4/2011 3:33:24 PM - Software Distribution Service 3.0
RP144: 11/5/2011 3:39:22 PM - Software Distribution Service 3.0
RP145: 11/6/2011 2:56:12 PM - System Checkpoint
RP146: 11/6/2011 5:28:45 PM - Software Distribution Service 3.0
RP147: 11/7/2011 6:40:34 PM - Software Distribution Service 3.0
RP148: 11/8/2011 7:47:49 PM - Software Distribution Service 3.0
RP149: 11/9/2011 7:40:04 AM - Software Distribution Service 3.0
RP150: 11/10/2011 8:55:17 AM - Software Distribution Service 3.0
RP151: 11/11/2011 7:46:02 AM - Software Distribution Service 3.0
RP152: 11/11/2011 9:16:45 AM - Software Distribution Service 3.0
RP153: 11/12/2011 1:04:29 PM - Software Distribution Service 3.0
RP154: 11/13/2011 1:20:20 PM - Software Distribution Service 3.0
RP155: 11/14/2011 2:46:46 PM - System Checkpoint
RP156: 11/14/2011 7:28:11 PM - Software Distribution Service 3.0
RP157: 11/15/2011 7:48:08 PM - System Checkpoint
RP158: 11/16/2011 4:05:29 AM - Software Distribution Service 3.0
RP159: 11/21/2011 4:45:29 PM - System Checkpoint
RP160: 11/21/2011 8:22:50 PM - Software Distribution Service 3.0
RP161: 11/23/2011 7:08:38 AM - Software Distribution Service 3.0
RP162: 11/24/2011 11:12:10 AM - Software Distribution Service 3.0
RP163: 11/25/2011 11:40:41 AM - System Checkpoint
RP164: 11/25/2011 3:37:16 PM - Software Distribution Service 3.0
RP165: 11/26/2011 6:14:14 PM - Software Distribution Service 3.0
RP166: 11/27/2011 6:48:34 PM - System Checkpoint
RP167: 11/28/2011 7:53:33 AM - Software Distribution Service 3.0
RP168: 11/29/2011 8:55:10 AM - Software Distribution Service 3.0
RP169: 11/30/2011 12:24:06 PM - Software Distribution Service 3.0
RP170: 12/1/2011 5:14:39 PM - Software Distribution Service 3.0
RP171: 12/3/2011 12:55:28 AM - Software Distribution Service 3.0
RP172: 12/4/2011 8:44:02 AM - Software Distribution Service 3.0
RP173: 12/5/2011 9:34:01 AM - Software Distribution Service 3.0
RP174: 12/6/2011 9:40:52 AM - System Checkpoint
RP175: 12/6/2011 6:03:37 PM - Software Distribution Service 3.0
RP176: 12/7/2011 8:32:40 PM - Software Distribution Service 3.0
RP177: 12/9/2011 8:57:14 AM - Software Distribution Service 3.0
RP178: 12/10/2011 9:28:07 AM - Software Distribution Service 3.0
RP179: 12/11/2011 10:20:02 AM - System Checkpoint
RP180: 12/11/2011 8:11:07 PM - Software Distribution Service 3.0
RP181: 12/12/2011 10:15:02 PM - Software Distribution Service 3.0
RP182: 12/13/2011 12:29:07 AM - Removed Skype™ 5.5
RP183: 12/14/2011 1:11:15 PM - Software Distribution Service 3.0
RP184: 12/15/2011 12:44:05 PM - Software Distribution Service 3.0
RP185: 12/16/2011 3:12:08 AM - Software Distribution Service 3.0
RP186: 12/17/2011 4:51:56 AM - Software Distribution Service 3.0
RP187: 12/19/2011 3:02:59 AM - Installed Windows XP Wdf01007.
RP188: 12/19/2011 3:17:14 AM - Software Distribution Service 3.0
RP189: 12/20/2011 8:41:17 AM - Software Distribution Service 3.0
RP190: 12/21/2011 10:14:29 AM - System Checkpoint
RP191: 12/21/2011 3:30:30 PM - Software Distribution Service 3.0
RP192: 12/22/2011 4:06:07 PM - System Checkpoint
RP193: 12/23/2011 2:33:42 AM - Software Distribution Service 3.0
RP194: 12/24/2011 2:44:41 AM - Software Distribution Service 3.0
RP195: 12/25/2011 4:40:17 PM - Software Distribution Service 3.0
RP196: 12/26/2011 10:52:04 PM - Software Distribution Service 3.0
RP197: 12/28/2011 2:20:45 AM - Software Distribution Service 3.0
RP198: 12/29/2011 3:21:59 AM - Software Distribution Service 3.0
RP199: 12/30/2011 4:00:18 AM - System Checkpoint
RP200: 12/30/2011 10:36:12 AM - Software Distribution Service 3.0
RP201: 12/31/2011 11:02:44 AM - Software Distribution Service 3.0
RP202: 1/1/2012 4:05:11 PM - System Checkpoint
RP203: 1/2/2012 1:32:54 AM - Software Distribution Service 3.0
RP204: 1/3/2012 8:45:33 AM - Software Distribution Service 3.0
RP205: 1/4/2012 4:23:20 PM - Software Distribution Service 3.0
RP206: 1/6/2012 2:40:39 AM - Software Distribution Service 3.0
RP207: 1/7/2012 4:36:56 AM - Software Distribution Service 3.0
RP208: 1/8/2012 7:05:09 AM - Software Distribution Service 3.0
RP209: 1/9/2012 8:35:17 AM - Software Distribution Service 3.0
RP210: 1/10/2012 10:04:58 AM - Software Distribution Service 3.0
RP211: 1/11/2012 4:45:32 AM - Software Distribution Service 3.0
RP212: 1/12/2012 10:29:50 AM - Software Distribution Service 3.0
RP213: 1/13/2012 11:49:46 AM - System Checkpoint
RP214: 1/13/2012 7:34:33 PM - Software Distribution Service 3.0
RP215: 1/14/2012 7:52:25 PM - System Checkpoint
RP216: 1/15/2012 7:40:08 AM - Software Distribution Service 3.0
RP217: 1/16/2012 8:05:23 AM - Software Distribution Service 3.0
RP218: 1/17/2012 9:38:47 AM - Software Distribution Service 3.0
RP219: 1/18/2012 9:54:49 AM - System Checkpoint
RP220: 1/18/2012 11:18:09 AM - Software Distribution Service 3.0
RP221: 1/18/2012 6:24:31 PM - Software Distribution Service 3.0
RP222: 1/19/2012 6:35:05 PM - Software Distribution Service 3.0
RP223: 1/20/2012 6:55:17 PM - Software Distribution Service 3.0
RP224: 1/21/2012 2:29:32 PM - Installed Windows XP Wdf01009.
RP225: 1/21/2012 2:53:47 PM - Software Distribution Service 3.0
RP226: 1/21/2012 3:10:05 PM - Software Distribution Service 3.0
RP227: 1/22/2012 9:52:28 AM - avast! Free Antivirus Setup
RP228: 1/22/2012 11:01:28 AM - avast! Free Antivirus Setup
RP229: 1/22/2012 8:07:50 PM - Software Distribution Service 3.0
RP230: 1/23/2012 9:51:03 PM - System Checkpoint
RP231: 1/23/2012 10:23:39 PM - Removed Adobe Reader 9.4.6.
RP232: 1/23/2012 10:24:23 PM - Removed Java(TM) 6 Update 22
RP233: 1/24/2012 10:03:47 AM - Software Distribution Service 3.0
RP234: 1/25/2012 2:51:23 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
ArcSoft PhotoStudio 5.5
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DVD Region+CSS Free 5.9.2.0
ERUNT 1.1j
ffdshow v1.1.3611 [2010-10-06]
File Type Assistant
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
OZ776 SCR CardBus Windows Driver
OZ776 SCR Driver V1.1.4.202
PC Connectivity Solution Lite
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype™ 5.5
Sonic RecordNow! Plus
TouchChip USB Driver 2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/25/2012 9:50:32 AM, error: Service Control Manager [7000] - The EE1ACEED service failed to start due to the following error: Access is denied.
1/24/2012 10:09:19 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/24/2012 10:09:19 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
1/24/2012 10:09:19 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/24/2012 10:09:18 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/21/2012 9:56:17 AM, error: Service Control Manager [7023] - The 6 service terminated with the following error: The specified procedure could not be found.
1/21/2012 9:56:17 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/21/2012 4:56:38 PM, error: Service Control Manager [7023] - The 6 service terminated with the following error: The specified module could not be found.
1/21/2012 2:45:01 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the file specified.
1/21/2012 2:29:57 PM, error: Service Control Manager [7000] - The bdsandbox service failed to start due to the following error: The specified procedure could not be found.
1/21/2012 12:59:09 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/21/2012 12:49:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/20/2012 7:35:44 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2012 11:29:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2012 11:27:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter Tosrfcom
1/20/2012 11:11:20 PM, error: System Error [1003] - Error code 000000ea, parameter1 8acd6680, parameter2 8ab65008, parameter3 8a9177b0, parameter4 00000001.
1/20/2012 11:10:11 PM, error: System Error [1003] - Error code 000000ea, parameter1 88d0c020, parameter2 8ab2ab38, parameter3 8ab1a7d0, parameter4 00000001.
.
==== End Of File ===========================
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm