
Help!

This is a discussion on Help! within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 08-20-2013, 06:13 PM   #1
Registered Member
 
Join Date: Aug 2013
Posts: 25
OS: xp sp3



I'm unable to complete the gmer scan. It won't allow me to copy the results of the scan to submit to you guys. What do I do now?
REDLEG is offline  
 
Old 08-21-2013, 07:25 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

What happens if you click 'Save...'?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-23-2013, 04:23 PM   #3

When I click Save, the save box comes up but nothing is on it. I see the frame of the box but nothing shows up inside of it. In addition to that, if I try to copy it to clipboard it won't allow me to access the clipboard. It's almost as if the virus is denying it!
REDLEG is offline  
 
Old 08-23-2013, 06:12 PM   #4

Hello REDLEG.
  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.06.1.1005.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please post the contents of the log created by the tool within the folder from which it was run.
The log will be named system-log.txt

------------------------------------------------------
chemist is offline  
Old 08-25-2013, 02:48 PM   #5

attach.txt

dds.txt

system-log.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Owner at 9:28:02 on 2013-08-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.486.109 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uProxyOverride = 192.168.*.*;*.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CHotkey] zHotkey.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315078698218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373119348625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1131B48D-47AA-4357-B33E-1327CFABF635} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C66C42FC-74C6-440B-953F-F0D06A7AD506} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-7-28 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-7-28 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-28 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-7-28 134744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-7-28 175264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-6 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130806.001\IDSXpx86.sys [2013-8-6 373728]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2012-4-14 57440]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\virusdefs\20130807.002\NAVENG.SYS [2013-8-7 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\virusdefs\20130807.002\NAVEX15.SYS [2013-8-7 1611992]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-4-14 1759584]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-8 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
.
=============== Created Last 30 ================
.
2013-08-06 13:41:35 -------- d-----w- c:\windows\system32\NtmsData
2013-08-06 13:40:02 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2013-08-03 22:36:36 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-08-03 21:19:06 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-03 21:18:12 -------- d-----w- c:\documents and settings\owner\AppData
2013-08-03 21:17:23 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-08-03 21:17:20 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-08-03 21:16:34 -------- d-----w- c:\documents and settings\owner\application data\IObit
2013-08-03 21:12:27 -------- d-----w- c:\program files\IObit
2013-08-02 18:05:18 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A
2013-08-02 18:05:18 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2013-08-02 18:04:54 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2013-08-02 16:31:27 -------- d-----w- c:\documents and settings\owner\local settings\application data\NPE
2013-08-01 16:27:05 -------- d-----w- c:\program files\iPod
2013-08-01 16:26:12 -------- d-----w- c:\program files\iTunes
2013-08-01 16:26:12 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-01 16:11:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-28 14:55:42 396760 ----a-r- c:\windows\system32\drivers\n360\1404000.028\symtdi.sys
2013-07-28 14:55:42 352344 ----a-r- c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys
2013-07-28 14:55:42 339544 ----a-r- c:\windows\system32\drivers\n360\1404000.028\symnets.sys
2013-07-28 14:55:42 21400 ----a-r- c:\windows\system32\drivers\n360\1404000.028\SymELAM.sys
2013-07-28 14:55:41 934488 ----a-r- c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys
2013-07-28 14:55:41 603224 ----a-r- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-07-28 14:55:41 367704 ----a-r- c:\windows\system32\drivers\n360\1404000.028\SymDS.sys
2013-07-28 14:55:41 32344 ----a-r- c:\windows\system32\drivers\n360\1404000.028\srtspx.sys
2013-07-28 14:55:41 175264 ----a-r- c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys
2013-07-28 14:55:41 134744 ----a-r- c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys
2013-07-28 14:55:03 14818 ----a-r- c:\windows\system32\drivers\n360\1404000.028\SymVTcer.dat
2013-07-28 14:55:01 -------- d-----w- c:\windows\system32\drivers\n360\1404000.028
2013-07-15 00:46:18 -------- d-----w- c:\windows\system32\MRT
2013-07-09 23:22:24 1167512 ----a-w- c:\windows\is-AF2VC.exe
2013-07-09 23:21:26 54016 ----a-w- c:\windows\system32\drivers\vhwxp.sys
2013-07-08 22:58:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-08 22:46:34 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-07-08 22:44:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2013-08-03 22:10:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-03 22:10:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 14:57:17 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-07 14:12:03 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-07 14:12:01 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-07 14:12:00 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-07 14:12:00 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 04:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:29:20.48 ===============
REDLEG is offline  
Old 08-25-2013, 02:49 PM   #6

Malwarebytes showed nothing to clean up, but the problems are still there.
REDLEG is offline  
Old 08-25-2013, 03:27 PM   #7

Hello again, REDLEG.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
chemist is offline  
Old 08-30-2013, 06:10 PM   #8

Still with us, REDLEG?
chemist is offline  
Old 08-31-2013, 07:51 AM   #9

Yes Sir!
REDLEG is offline  
Old 09-07-2013, 09:20 PM   #10

Still with us, REDLEG? While I understand real life is most important, it's difficult to work on your issue with your replies so far apart. It also keeps me from helping others, as I don't take on an unlimited number of threads at one time. Please try to be more prompt in your replies, so we can resolve this issue in a more rapid fashion. Thanks.

------------------------------------------------------
chemist is offline  
Old 09-08-2013, 01:05 PM   #11

OK thanks for your patience. I've given up on trying to save my music, but I have irreplaceable pictures that I'm trying to save. My burner won't work either and I'm trying to save them to a thumb drive and it's not recognising it. Please bear with me.
REDLEG is offline  
Old 09-21-2013, 03:03 PM   #12

Hello again, REDLEG. While I understand real life is most important, I can't keep this thread open indefinitely. Please carry out my previous instructions and post the requested log.
chemist is offline  
Old 09-27-2013, 06:27 AM   #13

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
Old 11-05-2013, 06:10 AM   #14

https://www.techsupportforum.com/foru...ml#post4296697
REDLEG is offline  
Old 11-08-2013, 08:16 AM   #15

Hello again, REDLEG. I need to see fresh logs from dds and gmer.
chemist is offline  
Old 11-14-2013, 07:06 AM   #16

Still with us, REDLEG? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
chemist is offline  
Old 11-14-2013, 02:15 PM   #17

I'm using the computer I'm working on; it's been a nightmare!!!
REDLEG is offline  
Old 11-18-2013, 11:39 AM   #18

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Owner at 11:09:22 on 2013-11-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.230.71 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = 192.168.*.*;*.local
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\owner\application data\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CHotkey] zHotkey.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315078698218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373119348625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C66C42FC-74C6-440B-953F-F0D06A7AD506} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-11-14 23:20:28 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-03 03:08:24 -------- d-----w- C:\ComboFix
2013-10-31 06:02:13 -------- d-sha-r- C:\cmdcons
2013-10-31 05:34:20 208896 ----a-w- c:\windows\MBR.exe
2013-10-31 05:34:19 256000 ----a-w- c:\windows\PEV.exe
2013-10-31 05:34:18 98816 ----a-w- c:\windows\sed.exe
2013-10-30 02:40:03 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-30 02:39:40 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-30 02:39:40 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-30 02:35:50 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-30 02:35:50 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-30 02:35:50 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-22 02:16:53 -------- d-----w- c:\documents and settings\owner\My Vaults
.
==================== Find3M ====================
.
2013-11-14 22:59:33 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-18 23:02:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-18 23:02:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 00:08:04 73728 ----a-w- c:\windows\ALCFDRTM.VER
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:10:59.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/3/2011 3:44:07 PM
System Uptime: 11/18/2013 7:51:06 AM (4 hours ago)
.
Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 182 GiB total, 114.864 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.264 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&14E6004F&0&08F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&14E6004F&0&08F0
Service: RT2500
.
==== System Restore Points ===================
.
RP242: 11/17/2013 11:07:20 AM - Software Distribution Service 3.0
RP243: 11/18/2013 3:11:56 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
America Online (Choose which version to remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Digital Media Reader
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 27
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MotoHelper MergeModules
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
NETGEAR WNA1100 N150 Wireless USB Adapter
Norton 360
Norton Bootable Recovery Tool Wizard
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SanDiskSecureAccess_Manager.exe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/17/2013 4:24:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010108: Update for Outlook 2003 Junk E-mail Filter (KB2849999).
11/17/2013 4:24:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Windows XP (KB2868626).
11/17/2013 4:24:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Windows XP (KB2862152).
11/17/2013 4:24:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Office 2003 (KB2760494).
11/17/2013 4:24:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010108: Cumulative Security Update for ActiveX Killbits for Windows XP (KB2900986).
11/17/2013 12:58:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
11/14/2013 4:21:04 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
11/14/2013 4:03:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/14/2013 4:03:20 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2013 4:03:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/14/2013 3:17:56 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\System32\cscui.dll. Reference error message: The operation completed successfully. .
11/11/2013 5:29:09 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
REDLEG is offline  
Old 11-18-2013, 01:12 PM   #19

Hello again, REDLEG. Please describe the problems you are having with your computer.

------------------------------------------------------

It appears you ran ComboFix. I need to see the log.

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Are you still unable to get a log from gmer? If so...

I need to see another scan from MBAR:
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please post the contents of the logs created by the tool within the folder from which it was run.
The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

------------------------------------------------------
chemist is offline  
Old 11-18-2013, 01:29 PM   #20

ComboFix 13-11-01.03 - Owner 11/03/2013 7:29:39.2.2 - x86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator.DADDY\WINDOWS
C:\Documents and Settings\Default User\WINDOWS
C:\Documents and Settings\Guest\WINDOWS
C:\Documents and Settings\Owner\WINDOWS
C:\WINDOWS\system32\config\systemprofile\WINDOWS

((((((((((((((((((((((((( Files Created from 2013-10-03 to 2013-11-03 )))))))))))))))))))))))))))))))

2013-11-03 02:53:46 . 2013-11-03 03:08:28 -------- d-----w- C:\32788R22FWJFW
2013-10-30 02:40:03 . 2013-07-03 02:12:52 25088 -c----w- C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-30 02:39:40 . 2013-07-17 00:58:17 123008 -c----w- C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-30 02:39:40 . 2013-07-17 00:58:03 60160 -c----w- C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-30 02:35:50 . 2013-08-09 00:55:08 144128 -c----w- C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-30 02:35:50 . 2013-08-09 00:55:06 5376 -c----w- C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-30 02:35:50 . 2009-03-18 11:02:23 30336 -c----w- C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-22 02:16:53 . 2013-10-22 02:16:53 -------- d-----w- C:\Documents and Settings\Owner\My Vaults
2013-10-11 21:47:15 . 2013-10-11 21:47:57 -------- d-----w- C:\Documents and Settings\Owner\Application Data\SanDisk
2013-10-11 05:30:28 . 2013-10-11 05:30:28 -------- d-----w- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-09-23 18:33:58 . 2004-08-26 16:12:21 920064 ----a-w- C:\WINDOWS\system32\wininet.dll
2013-09-23 18:33:57 . 2004-08-26 16:11:58 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2013-09-23 18:33:57 . 2004-08-26 16:11:57 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 18:33:56 . 2004-08-26 16:11:46 18944 ----a-w- C:\WINDOWS\system32\corpol.dll
2013-09-23 1848 . 2004-08-26 16:11:56 385024 ----a-w- C:\WINDOWS\system32\html.iec
2013-09-18 23:02:03 . 2012-03-30 17:04:01 692616 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-18 23:02:00 . 2011-09-03 21:30:06 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-31 00:08:04 . 2012-03-12 23:19:48 73728 ----a-w- C:\WINDOWS\ALCFDRTM.VER
2013-08-29 01:31:44 . 2004-08-26 16:12:21 1878656 ----a-w- C:\WINDOWS\system32\win32k.sys
2013-08-24 01:19:48 . 2013-08-24 01:19:48 35144 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2013-08-09 01:56:45 . 2004-08-26 16:12:18 386560 ----a-w- C:\WINDOWS\system32\themeui.dll
2013-08-09 00:55:08 . 2004-08-04 06:08:44 144128 ----a-w- C:\WINDOWS\system32\drivers\usbport.sys
2013-08-09 00:55:07 . 2011-09-07 17:18:59 32384 ----a-w- C:\WINDOWS\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 . 2001-08-17 21:03:02 5376 ----a-w- C:\WINDOWS\system32\drivers\usbd.sys
2013-08-06 13:40:21 . 2013-08-06 13:40:02 5 ----a-w- C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\msgsvc.dll
[7] 2004-08-04 19:00:00 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll
[7] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[7] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll
[7] 2004-08-11 08:45:04 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2004-08-11 08:45:04 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 19:00:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2013-07-04 02:08:30 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)] . . C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

[7] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\dsound.dll
[7] 2004-08-04 19:00:00 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
[7] 2008-04-14 00:11:51 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 00:11:51 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\d3d9.dll
[7] 2004-08-04 19:00:00 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
[7] 2008-04-14 00:11:51 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 00:11:51 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\ddraw.dll
[7] 2004-08-04 19:00:00 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
[7] 2008-04-14 00:12:02 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12:02 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\system32\olepro32.dll
[7] 2004-08-04 19:00:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll
[7] 2008-04-14 00:12:02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 00:12:02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\perfctrs.dll
[7] 2004-08-04 19:00:00 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll
[7] 2008-04-14 00:12:08 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\version.dll
[7] 2008-04-14 00:12:08 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\version.dll
[7] 2004-08-04 19:00:00 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\version.dll
[7] 2009-03-08 19:09:26 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\system32\dllcache\iexplore.exe
[7] 2008-04-14 00:12:22 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-04 19:00:00 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\ie8\iexplore.exe
[7] 2013-07-04 03:03:25 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)] . . C:\WINDOWS\system32\ntoskrnl.exe
[7] 2013-07-04 02:59:11 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)] . . C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[7] 2013-07-04 02:59:11 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)] . . C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[7] 2013-05-03 01:30:20 . 0F1ECE75329996EBDCF2774F9E46623D . 2149888 . . [5.1.2600.6387 (xpsp_sp3_qfe.130503-0418)] . . C:\WINDOWS\$NtUninstallKB2859537$\ntoskrnl.exe
[7] 2012-08-21 13:48:40 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284 (xpsp_sp3_qfe.120821-1630)] . . C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[7] 2012-08-21 13:33:26 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)] . . C:\WINDOWS\$NtUninstallKB2839229$\ntoskrnl.exe
[7] 2012-04-11 13:22:15 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206 (xpsp_sp3_qfe.120411-1615)] . . C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[7] 2012-04-11 13:14:41 . A144D60B35E6DD14CCB9649B5E0D1092 . 2148352 . . [5.1.2600.6206 (xpsp_sp3_gdr.120411-1615)] . . C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe
[7] 2011-10-25 13:37:08 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165 (xpsp_sp3_gdr.111025-1629)] . . C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe
[7] 2011-10-25 13:34:49 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165 (xpsp_sp3_qfe.111025-1623)] . . C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 13:43:18 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055 (xpsp_sp3_qfe.101209-1646)] . . C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2013-07-07 13:16:09 1591808]
"SanDiskSecureAccess_Manager.exe"="C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-02-15 05:39:36 30705792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42:26 212992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55:14 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 22:51:14 118784]
"CHotkey"="zHotkey.exe" [2004-05-18 01:30:04 543232]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 02:42:40 32768]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 02:43:52 59720]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 12:32:50 253816]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2013-05-01 08:59:04 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2013-08-16 14:07:58 152392]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 BTCFilterService;USB Networking Driver Filter Service;C:\WINDOWS\system32\DRIVERS\motfilt.sys [x]
R3 EraserUtilDrv11310;EraserUtilDrv11310;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 21:08:36 360529]
R3 mbamchameleon;mbamchameleon;C:\WINDOWS\system32\drivers\mbamchameleon.sys [2013-08-24 01:19:48 35144]
R3 motandroidusb;Mot ADB Interface Driver;C:\WINDOWS\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\WINDOWS\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;C:\WINDOWS\system32\DRIVERS\motusbdevice.sys [x]
S0 SymDS;Symantec Data Store;C:\WINDOWS\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 05:02:00 367704]
S0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 05:25:28 934488]
S1 BHDrvx86;BHDrvx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx86.sys [2013-09-03 22:26:28 1097816]
S1 ccSet_N360;Norton 360 Settings Manager;C:\WINDOWS\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 02:41:14 134744]
S1 SymIRON;Symantec Iron Driver;C:\WINDOWS\system32\drivers\N360\1404000.028\Ironx86.SYS [2013-03-05 01:39:19 175264]
S2 N360;Norton 360;C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 04:44:22 144368]
S2 WSWNA1100;WSWNA1100;C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 19:44:24 266240]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-10-01 02:15:00 1759584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-27 01:41:52 108120]
S3 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSxpx86.sys [2013-10-29 04:02:50 380824]
S3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-09-25 23:07:00 57440]

Contents of the 'Scheduled Tasks' folder
2013-11-03 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:04:01 . 2013-09-18 23:03:51]
2013-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57:16 . 2011-06-01 22:57:16]

------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
SafeBoot-Wdf01000.sys