"INTERNET SECURITY designed to protect" VIRUS

This is a discussion on "INTERNET SECURITY designed to protect" VIRUS within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. This correspondence is sent from username - crudeoil. Crudeoil’s infected laptop runs on XP and is a 32 bit computer.


Old 08-18-2013, 06:59 PM   #1
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



This correspondence is sent from username - crudeoil. Crudeoil’s infected laptop runs on XP and is a 32 bit computer. I am communicating to you from another laptop with all preliminary logs and reports. As such, all necessary downloads of log and reports scanning software and resulting text reports were transmitted to and from infected computer to corresponding computer via flash drive.


The virus on crudeoil’s computer is believed to be INTERNET SECURITY designed to protect. A window popped up containing the above-named security program suspiciously soon after a previous window (believed to be a fake ADOBE FLASH PLAYER update) popped up, which I may have inadvertently activated in passing over it with my mouse. Typically I use the “CTRL/ALT/DEL and end program” termination step for removal of suspected virus pop-up programs when they show up. It may have looked too authentic at the time and I just got lazy.


Also, it appears that another malware-type security program already existed on my computer, titled ANTISPYWARE BY ANTISPYWARE LLC (shown to be installed in 2008), which I noticed in my “add and remove program” section during the “reduction to only one security program” step prior to the logging and reporting step. A Google search of the said program described it as a malware security program that would require a special removal technique. The assumption that it has been there results from the 2008 install date. The fact that it has been there since 2008 is perplexing since in May 2012, I had used TSF’S excellent services to resolve a fake MSE generated virus that caused an inability to connect to the internet. I feel like I would have removed ANTISPYWARE BY ANTISPYWARE LLC at that time in the “reduction to only one security program” step of that procedure. The only other possibility is that it may have been inadvertently installed after the 2012 virus removal procedure with a fake install date of 2008. I am just not sure.


Consequently, the logs and reports provided herein are with ANTISPYWARE BY ANTISPYWARE LLC still being shown in the “add and remove program” section of my hard drive. I did remove MSE, however, to meet the “only one virus program” requirement before logging and reporting.


I might add that all tasks were performed in SAFE MODE. One peculiar occurrence in SAFE MODE noteworthy in the initial attempt to generate the GMER report was the High Zoom view in all windows. While it didn’t seem to affect the DDS scan, in GMER the SAVE button was not seen below the COPY button anywhere on the page at the high magnification. After finding a procedure to reduce the zoom in SAFE MODE, the SAVE button was present and available for activation.


Pasted below is the copy of the text file “dds” generated by the DDS scan. The other DDS scan text file (that was zipped) entitled “attach” and “ark” (also zipped) from the GMER scan are provided as attachments.


Please let me know if you have any other questions that might assist in the resolution of my problem.


Thanking you in advance for your assistance.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Ray at 22:31:00 on 2013-08-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1715 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GFI Backup 2009 - Home Edition] "c:\progra~1\gfi\gfibac~1\GFIAgent.exe"
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\ray\application data\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Internet Security] c:\documents and settings\all users\application data\madefender.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2009-7-8 440616]
S2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2009-7-8 1410856]
S2 gupdate1c9985165b5feae;Google Update Service (gupdate1c9985165b5feae);c:\program files\google\update\GoogleUpdate.exe [2009-2-26 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-1-25 245760]
S3 cpuz132;cpuz132;\??\c:\docume~1\ray\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ray\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
ShellExec: Acrobat.exe: print="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
ShellExec: Acrobat.exe: printto="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
.
=============== Created Last 30 ================
.
2013-08-17 21:59:48 -------- d-----w- C:\1bb7d858529563ae421b1949
2013-08-17 21:35:13 -------- d-----w- C:\571d9f75a08cda6038bb04987d9e6278
2013-08-14 00:20:57 843776 ----a-w- c:\documents and settings\all users\application data\madefender.exe
2013-08-13 16:46:59 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a990ef55-8bec-4560-9241-b2abc636d9ca}\mpengine.dll
2013-08-12 15:20:35 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2013-06-19 02:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 20:08:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 20:08:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 04:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-25 05:17:38 826880 ----a-w- c:\windows\system32\wmvdmod.dll
2010-06-24 20:08:26 69586 ----a-w- c:\program files\Halliburton_Log_Viewer.exe
2010-01-08 18:12:38 529288 ----a-w- c:\program files\smartdraw_10J_FCIXM_setup gantt chart.exe
2008-03-26 14:24:32 9575424 ----a-w- c:\program files\HalliburtonLogViewPro950Install.exe
.
============= FINISH: 22:33:40.68 ===============
Attached Files
File Type: zip ark.zip (25.8 KB, 57 views)
File Type: zip attach.zip (5.4 KB, 58 views)
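The DDS log above is what the helper reads to spot the rogue: the `uRun: [Internet Security]` entry points at `madefender.exe` sitting in All Users\Application Data, and the same file shows up under "Created Last 30". The following script is an added example, not code from the forum or from the DDS tool, that automates that first-pass triage: it parses Run-key entries and recently-created-file lines out of a DDS report, flags autorun targets living in user-writable locations or unqualified on PATH, and cross-references them against the created-files list. The sample input is a constructed excerpt of lines copied from the log in this post; the location heuristics and the `Finding` record are my own, not DDS conventions.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and
# "Created Last 30" sections of the post above (raw string, so backslashes are literal).
SAMPLE_DDS = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\ray\application data\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Internet Security] c:\documents and settings\all users\application data\madefender.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] stsystra.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
2013-08-14 00:20:57 843776 ----a-w- c:\documents and settings\all users\application data\madefender.exe
2013-08-17 21:59:48 -------- d-----w- C:\1bb7d858529563ae421b1949
"""

Finding = namedtuple("Finding", "scope name path reasons")

RUN_RE = re.compile(r"^(?P<scope>[umd])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attr>[-dashrw]{8})\s+(?P<path>.+)$"
)
# First token ending in an executable extension; handles unquoted paths that contain spaces.
EXT_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|scr|cpl|com|bat|cmd|vbs|js))(?:\s|$)", re.I)

SCOPE_LABEL = {"u": "HKCU Run", "m": "HKLM Run", "d": "Default-user Run"}

# Directories a standard user can write to; real software does live here too (see usage note),
# so a hit is a review item, not a verdict. Assumed markers, chosen for XP-era paths.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\temp\\", "\\locals~1\\temp\\", "\\appdata\\")


def target_path(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group("path") if m else cmd.split()[0]


def location_reasons(path):
    """Return the list of reasons a path deserves a closer look (empty list = nothing odd)."""
    p = path.lower()
    if "\\" not in p:
        return ["unqualified filename; resolved through the loader's search order at logon"]
    reasons = [f"lives under user-writable location '{m.strip(chr(92))}'" for m in USER_WRITABLE_MARKERS if m in p]
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        reasons.append("file directly in a drive root")
    return reasons


def analyse(dds_text):
    """Parse a DDS report and return Findings for autorun entries worth reviewing."""
    created = {}  # lower-cased path -> (timestamp, size) from the Created Last 30 section
    runs = []
    for line in dds_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            runs.append((m.group("scope"), m.group("name"), target_path(m.group("cmd"))))
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = (m.group("ts"), m.group("size"))

    findings = []
    for scope, name, path in runs:
        reasons = location_reasons(path)
        if path.lower() in created:  # autorun target that appeared within the 30-day window
            ts, size = created[path.lower()]
            reasons.append(f"target file created recently ({ts}, {size} bytes)")
        if reasons:
            findings.append(Finding(SCOPE_LABEL[scope], name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_DDS):
        print(f"{f.scope} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the excerpt, this reports three entries: the SanDisk manager and the Sigmatel tray app (both legitimate, which is why the output is a review list rather than a block list) and `[Internet Security]`, which is the only one that trips two heuristics at once, a user-writable location plus a creation date inside the window. That combination is exactly what the helper acts on, and the ComboFix log later in the thread lists the same `madefender.exe` under "Other Deletions".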
 
Old 08-20-2013, 01:40 AM   #2
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
  • do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
  • do not run any tools or scans other than those requested;
  • follow all instructions in the order they are presented;
  • if you have problems with or do not understand the instructions, ask before continuing;
  • stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
  • do not attach any logs/reports, etc. unless specifically requested to do so.
  • All logs/reports, etc. must be posted in Notepad making sure the word wrap is unchecked. (In notepad click format, uncheck word wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

====================

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

==========================

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. If you don't know how, you can get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal. For some infections, it may do this multiple times.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.
Old 08-20-2013, 05:47 PM   #3
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



Thanks Amateur for your reply and for your help.

Before I proceed with the instructions, I have a few questions about them that I am unsure about. To be clear as to what part of your instructions I am in doubt about, I am going to copy the specific part of the task in question and enclose it in quotes. In total there are 3 instructions I need advice on.

Here goes

1."Please download ComboFix and Save it to your Desktop"

I WILL NOT BE ABLE TO DO THIS DIRECTLY FROM THE INTERNET TO THE INFECTED COMPUTER'S(IC) DESKTOP. INSTEAD, I WILL BE DOWNLOADING ALL PROGRAMS YOU REQUIRE ME TO USE IN THIS PROCESS TO AN UNINFECTED COMPUTER AND THEN SAVE THEM TO AN EXTERNAL FLASH DRIVE (EFD) FIRST. I WILL THEN CONNECT EFD TO THE IC AND NOW SAVE IT DIRECTLY TO THE IC'S DESKTOP.

IS THIS OKAY?

WHILE I WAS FAIRLY EXPLICIT ALREADY IN MY INITIAL CORRESPONDENCE THAT THE INITIAL DOWNLOADS AND REPORTS WERE DONE IN A SIMILAR FASHION (flash drive transfer of downloads and reports), THE REASON I HAD TO DO IT THIS WAY IS THAT MY INTERNET EXPLORER DOES NOT CONNECT IN SAFE MODE AND I AM PRESUMING THAT I SHOULD BE DOING THIS TROUBLESHOOTING WORK IN SAFE MODE ON MY IC.

IS THAT RIGHT THAT I SHOULD BE IN SAFE MODE ON THE IC?


2. "Disable all antivirus and antispyware programs. If you don't know how, you can get help here"


AS I STATED IN THE FIRST CORRESPONDENCE, THE ONLY ANTIVIRUS PROGRAM ACKNOWLEDGED IN THE IC'S -ADD OR REMOVE PROGRAMS- SECTION IS ANTISPYWARE BY ANTISPYWARE LLC. (AbALLC)

I DID NOT REMOVE THIS ANTIVIRUS SOFTWARE IN THE FIRST INSTRUCTION BECAUSE I COULD NOT REMOVE IT WITH A SIMPLE CLICK ON THE -REMOVE- BUTTON. INSTEAD, WHEN IT WAS CLICKED THE FOLLOWING WINDOWS MESSAGE APPEARED:

THE WINDOW INSTALLER SERVICE COULD NOT BE ACCESSED. THIS OCCURS WHEN RUNNING IN SAFE MODE...

SINCE THE GOOGLE SEARCH OF AbALLC INDICATED IT HAVING MALWARE QUALITIES AND THE INITIAL REMOVAL TECHNIQUES THAT WERE SEARCHED SEEMED EXTENSIVE, I DID NOT WANT TO USE ANY OTHER REMOVAL PROCEDURES ALONG WITH TSF'S AS INSTRUCTED. INSTEAD I REMOVED THE WORKING ANTIVIRUS PROGRAM - MSE.

CONSEQUENTLY, I WILL NOT BE ABLE TO ACCOMMODATE #2 ABOVE REGARDING AbALLC, UNLESS I AM GIVEN INSTRUCTIONS TO DO THIS.



PLEASE ADVISE ME WHAT TO DO HERE



3. “Please re-enable your antivirus before posting the ComboFix.txt log.”



THE ANTI VIRUS PROGRAM I WANT TO RE-ENABLE IS MSE.



WILL I BE ABLE TO DOWNLOAD AND TRANSFER MSE BY EFD?
 
Old 08-20-2013, 10:11 PM   #4
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Quote:
I WILL NOT BE ABLE TO DO THIS DIRECTLY FROM THE INTERNET TO THE INFECTED COMPUTER'S(IC) DESKTOP. INSTEAD, I WILL BE DOWNLOADING ALL PROGRAMS YOU REQUIRE ME TO USE IN THIS PROCESS TO AN UNINFECTED COMPUTER AND THEN SAVE THEM TO AN EXTERNAL FLASH DRIVE (EFD) FIRST. I WILL THEN CONNECT EFD TO THE IC AND NOW SAVE IT DIRECTLY TO THE IC'S DESKTOP.

IS THIS OKAY?
Yes, it's OK, although your dds log shows that it was run in Safe Mode with Networking, which should enable you to connect to the internet. You would not have internet connection in Safe Mode, but Safe Mode with Networking should work.

ANTISPYWARE BY ANTISPYWARE LLC. (AbALLC) is a rogue program. No need to try disabling it.

The only antivirus you need to disable is Microsoft Security Essentials.

Quote:
WILL I BE ABLE TO DOWNLOAD AND TRANSFER MSE BY EFD?
You don't need to download or install MSE, it's already installed on your system. All you need to do is to disable it before running Combofix and re-enable it after Combofix has completed its job and before you connect to the internet. A word of caution here.... Combofix may take a while to produce its log, please be patient and wait until it does so.

To disable MSE:

Right click on the system tray icon, and select "Open"
Click on the "Settings" tab
On the left side of the screen, click on "Real-time protection"
Uncheck "Turn on Real-time protection"
Click on "Save Changes"

To re-enable it, reverse the action and Check Turn on Real-time protection.
Old 08-21-2013, 06:44 PM   #5
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



Why do I not have IE while in Safe Mode with Networking?

I do not have MSE in the tray icons anymore. In fact I have no icons there.

I do see MSE as a line item in Programs, but when I open it an alert occurs that says

C:\Program Files\Microsoft Security Client\msseces.exe
This file can not be accessed by the system

If you say my MSE is active on my infected laptop, how else can I reach it and disable it to run Combofix?
Old 08-22-2013, 12:31 AM   #6
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer's desktop.

***************************************************

Download ComboFix.exe from here

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => How to obtain Windows XP Setup disks for a floppy boot installation

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






---------------------------------------------------------------------
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
Old 08-22-2013, 07:46 PM   #7
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



Sorry for the delay in my response.

Anyway, I have attached Combofix.txt generated as per your instructions.
While I followed your instructions, not all responses were exactly as you explained.



First I modified the name of the Combofix that I loaded today, adding a date after it to differentiate it from an old combofix.exe file still on my flash drive from my 2012 computer problem.
I saw no problem until, at some point early in the Combofix execution (I think while files were showing to be extracted), a “window” appeared that said in effect “the added characters (8222013) to the file name of Combofix were in error and could only be alphanumerical”. I believe the inset screen that was showing the extraction of files during this part of Combofix became stationary yet was still inset on the Desktop screen. I think the only option in the “window” was an OK button.
At this point, the window disappeared and the Combofix icon now seemed to be titled “Combofix” without the date numeric that I had added. I right-clicked on it and it showed it was just loaded, so it had to be the one I had loaded.
I proceeded to hover the Windows Service Pack 2 icon over the combofix icon and after releasing, I believe the stationary screen showing the extraction of files started moving again.



Soon after, in the same window where the file extraction progress was being shown, acknowledgements were being made in line messages stating successive stage numbers were being completed.
I walked away from the computer momentarily until returning to find a txt type list entitled Combofix along with the following window alert
____________________________________________
Desktop


“Windows is running in safe mode”


“This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in Control Panel, and then try starting Windows again. While in safe mode, some of your devices may not be available.”


“To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your computer to a previous state, click no.”
_____________________________________________


I CLICKED NO since the NO implied that System Restore would be used and I thought that is what was wanted.


Another window then appeared entitled


_________________________________________________
System Restore


“System Restore is not able to protect your computer. Please restart your computer, and then run System restore again”


The only option here again was an OK button


I CLICKED OK


I never got the exact window you showed in your last post to me. The one that was entitled

WHAT'S NEXT

That’s about it.


Look forward to your response



ComboFix 13-08-22.01 - Ray 08/22/2013 20:15:46.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1728 [GMT -5:00]
Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ray\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Ray\LOCALS~1\APPLIC~1\Google\Desktop\Install
c:\docume~1\Ray\LOCALS~1\APPLIC~1\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\C3C1~1\01C8~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\@
c:\docume~1\Ray\LOCALS~1\APPLIC~1\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\C3C1~1\01C8~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\GoogleUpdate.exe
c:\documents and settings\All Users\Application Data\madefender.exe
c:\program files\explorer
c:\program files\explorer\AddressParser\AddressParserConfiguration.xml
c:\program files\explorer\AddressParser\parser_andorra.xml
c:\program files\explorer\AddressParser\parser_austria.xml
c:\program files\explorer\AddressParser\parser_belgium.xml
c:\program files\explorer\AddressParser\parser_canada.xml
c:\program files\explorer\AddressParser\parser_denmark.xml
c:\program files\explorer\AddressParser\parser_france.xml
c:\program files\explorer\AddressParser\parser_germany.xml
c:\program files\explorer\AddressParser\parser_ireland.xml
c:\program files\explorer\AddressParser\parser_italy.xml
c:\program files\explorer\AddressParser\parser_liechtenstein.xml
c:\program files\explorer\AddressParser\parser_luxembourg.xml
c:\program files\explorer\AddressParser\parser_monaco.xml
c:\program files\explorer\AddressParser\parser_netherlands.xml
c:\program files\explorer\AddressParser\parser_norway.xml
c:\program files\explorer\AddressParser\parser_portugal.xml
c:\program files\explorer\AddressParser\parser_spain.xml
c:\program files\explorer\AddressParser\parser_sweden.xml
c:\program files\explorer\AddressParser\parser_switzerland.xml
c:\program files\explorer\AddressParser\parser_uk.xml
c:\program files\explorer\AddressParser\parser_usa.xml
c:\program files\explorer\basemaps\basemaps.de.xml
c:\program files\explorer\basemaps\basemaps.es.xml
c:\program files\explorer\basemaps\basemaps.fr.xml
c:\program files\explorer\basemaps\basemaps.ja-jp.xml
c:\program files\explorer\basemaps\basemaps.xml
c:\program files\explorer\basemaps\basemaps.zh-CN.xml
c:\program files\explorer\basemaps\Server\basemap0.nmf
c:\program files\explorer\basemaps\Server\basemap0.png
c:\program files\explorer\basemaps\Server\basemap1.nmf
c:\program files\explorer\basemaps\Server\basemap1.png
c:\program files\explorer\basemaps\Server\basemap10.nmf
c:\program files\explorer\basemaps\Server\basemap10.png
c:\program files\explorer\basemaps\Server\basemap11.nmf
c:\program files\explorer\basemaps\Server\basemap11.png
c:\program files\explorer\basemaps\Server\basemap2.nmf
c:\program files\explorer\basemaps\Server\basemap2.png
c:\program files\explorer\basemaps\Server\basemap3.nmf
c:\program files\explorer\basemaps\Server\basemap3.png
c:\program files\explorer\basemaps\Server\basemap4.nmf
c:\program files\explorer\basemaps\Server\basemap4.png
c:\program files\explorer\basemaps\Server\basemap5.nmf
c:\program files\explorer\basemaps\Server\basemap5.png
c:\program files\explorer\basemaps\Server\basemap6.nmf
c:\program files\explorer\basemaps\Server\basemap6.png
c:\program files\explorer\basemaps\Server\basemap7.nmf
c:\program files\explorer\basemaps\Server\basemap7.png
c:\program files\explorer\basemaps\Server\basemap8.nmf
c:\program files\explorer\basemaps\Server\basemap8.png
c:\program files\explorer\basemaps\Server\basemap9.nmf
c:\program files\explorer\basemaps\Server\basemap9.png
c:\program files\explorer\basemaps\Server\basemaps.de.xml
c:\program files\explorer\basemaps\Server\basemaps.es.xml
c:\program files\explorer\basemaps\Server\basemaps.fr.xml
c:\program files\explorer\basemaps\Server\basemaps.ja-jp.xml
c:\program files\explorer\basemaps\Server\basemaps.xml
c:\program files\explorer\basemaps\Server\basemaps.zh-CN.xml
c:\program files\explorer\bin\3dAnalystUtil.dll
c:\program files\explorer\bin\3DSymbols.dll
c:\program files\explorer\bin\3DSymbolsLib.dll
c:\program files\explorer\bin\AfCore.dll
c:\program files\explorer\bin\AfUtil.dll
c:\program files\explorer\bin\AGSClient.dll
c:\program files\explorer\bin\aibase.dll
c:\program files\explorer\bin\aifeat.dll
c:\program files\explorer\bin\AISClient.dll
c:\program files\explorer\bin\AISGlobalLib.dll
c:\program files\explorer\bin\aishape.dll
c:\program files\explorer\bin\Animation.dll
c:\program files\explorer\bin\AnnoLayer.dll
c:\program files\explorer\bin\Annotation.dll
c:\program files\explorer\bin\AnnotationLib.dll
c:\program files\explorer\bin\AoInitializer.dll
c:\program files\explorer\bin\AppInitializerLib.dll
c:\program files\explorer\bin\ApplicationConfigurationManager.exe
c:\program files\explorer\bin\ArcGISExplorer.ISCConfig
c:\program files\explorer\bin\atl71.dll
c:\program files\explorer\bin\BasemapLayer.dll
c:\program files\explorer\bin\BasicRasterPicture.dll
c:\program files\explorer\bin\BGLAPI.dll
c:\program files\explorer\bin\BGLAPILib.dll
c:\program files\explorer\bin\BGLFontEngine.dll
c:\program files\explorer\bin\BGLGeomChestLib.dll
c:\program files\explorer\bin\BGLGeometricEffects.dll
c:\program files\explorer\bin\BGLImageCoders.dll
c:\program files\explorer\bin\BGLRasterizerLib.dll
c:\program files\explorer\bin\BGLRasterizerSW.dll
c:\program files\explorer\bin\BGLSymbols.dll
c:\program files\explorer\bin\BGLSymbolsLib.dll
c:\program files\explorer\bin\BGLToGDIHelper.dll
c:\program files\explorer\bin\bin.zreg
c:\program files\explorer\bin\CacheRasterDB.dll
c:\program files\explorer\bin\CadastralFabric.dll
c:\program files\explorer\bin\CadastralFabricLayer.dll
c:\program files\explorer\bin\CadEngine.dll
c:\program files\explorer\bin\CadFDB.dll
c:\program files\explorer\bin\CadLayer.dll
c:\program files\explorer\bin\CadWorkspaceFactory.dll
c:\program files\explorer\bin\Camera.dll
c:\program files\explorer\bin\CartoControlsLib.dll
c:\program files\explorer\bin\CartoConverter.dll
c:\program files\explorer\bin\CartoXLib.dll
c:\program files\explorer\bin\CIM.dll
c:\program files\explorer\bin\CIMLib.dll
c:\program files\explorer\bin\Color.dll
c:\program files\explorer\bin\ComplexSymbols.dll
c:\program files\explorer\bin\CompressedDataFile.dll
c:\program files\explorer\bin\Configuration\CATID\esri.catid.ecfg
c:\program files\explorer\bin\Configuration\CLSID\esri.clsid.ecfg
c:\program files\explorer\bin\DADFLib.dll
c:\program files\explorer\bin\DaeLib.dll
c:\program files\explorer\bin\DataConverterLib.dll
c:\program files\explorer\bin\dbghelp.dll
c:\program files\explorer\bin\de\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\de\DADFRes.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\de\ResToolkitPro.dll
c:\program files\explorer\bin\DECoreLib.dll
c:\program files\explorer\bin\DFORRT.DLL
c:\program files\explorer\bin\Display.dll
c:\program files\explorer\bin\DisplayFeedback.dll
c:\program files\explorer\bin\DisplayGraph.dll
c:\program files\explorer\bin\DisplayLib.dll
c:\program files\explorer\bin\DistributedGeodbLib.dll
c:\program files\explorer\bin\DynamicDisplay.dll
c:\program files\explorer\bin\e3.config.xml
c:\program files\explorer\bin\E3.exe
c:\program files\explorer\bin\E3.exe.config
c:\program files\explorer\bin\E3Control.dll
c:\program files\explorer\bin\E3EmailHelper.exe
c:\program files\explorer\bin\EngineGraphics.dll
c:\program files\explorer\bin\EnginePackager.dll
c:\program files\explorer\bin\es\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\es\DADFRes.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\es\ResToolkitPro.dll
c:\program files\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.Application.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll
c:\program files\explorer\bin\ESRI.DADF.Core.dll
c:\program files\explorer\bin\ESRI.DADF.dll
c:\program files\explorer\bin\esrizip.exe
c:\program files\explorer\bin\Export.dll
c:\program files\explorer\bin\ExtTopoEngine.dll
c:\program files\explorer\bin\FdaCore.dll
c:\program files\explorer\bin\FdaCoreLib.dll
c:\program files\explorer\bin\FdaRel.dll
c:\program files\explorer\bin\FeatureDataConverter.dll
c:\program files\explorer\bin\FeatureDataElements.dll
c:\program files\explorer\bin\FeatureLayer.dll
c:\program files\explorer\bin\FeatureLayerLib.dll
c:\program files\explorer\bin\FgdbRasterDB.dll
c:\program files\explorer\bin\FgdbUtilLib.dll
c:\program files\explorer\bin\FileDataElements.dll
c:\program files\explorer\bin\FileDBCoreLib.dll
c:\program files\explorer\bin\FileGDB.dll
c:\program files\explorer\bin\FileGDBWorkspaceFactory.dll
c:\program files\explorer\bin\fr\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\fr\DADFRes.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\fr\ResToolkitPro.dll
c:\program files\explorer\bin\FunctionRasterDB.dll
c:\program files\explorer\bin\gdal16.dll
c:\program files\explorer\bin\GdalRasterDB.dll
c:\program files\explorer\bin\GdbCatalog.dll
c:\program files\explorer\bin\GdbCore.dll
c:\program files\explorer\bin\GdbCoreLib.dll
c:\program files\explorer\bin\GdbNet.dll
c:\program files\explorer\bin\GdbTopo.dll
c:\program files\explorer\bin\GeoDataExtraction.dll
c:\program files\explorer\bin\GeoDataServer.dll
c:\program files\explorer\bin\GeoDataTransfer.dll
c:\program files\explorer\bin\Geometry.dll
c:\program files\explorer\bin\GeoprocessingLib.dll
c:\program files\explorer\bin\GeoProcessor.dll
c:\program files\explorer\bin\GeoRSSPlugin.dll
c:\program files\explorer\bin\glew32.dll
c:\program files\explorer\bin\Globe.dll
c:\program files\explorer\bin\GlobeCamera.dll
c:\program files\explorer\bin\GlobeClient.dll
c:\program files\explorer\bin\GlobeCoreLib.dll
c:\program files\explorer\bin\GlobeDisplay.dll
c:\program files\explorer\bin\GlobeLayers.dll
c:\program files\explorer\bin\GlobeServer.dll
c:\program files\explorer\bin\GlobeServerLayer.dll
c:\program files\explorer\bin\GlobeViewerCoreLib.dll
c:\program files\explorer\bin\GPClient.dll
c:\program files\explorer\bin\GpObjects.dll
c:\program files\explorer\bin\GpPythonCore.dll
c:\program files\explorer\bin\GPRasterFunctions.dll
c:\program files\explorer\bin\GraphicElements.dll
c:\program files\explorer\bin\hd420m.dll
c:\program files\explorer\bin\hdf5dll.dll
c:\program files\explorer\bin\hm420m.dll
c:\program files\explorer\bin\icudt40.dll
c:\program files\explorer\bin\icuin40.dll
c:\program files\explorer\bin\icuio40.dll
c:\program files\explorer\bin\icule40.dll
c:\program files\explorer\bin\icuuc40.dll
c:\program files\explorer\bin\ImageAccessLib.dll
c:\program files\explorer\bin\ImageClient.dll
c:\program files\explorer\bin\ImageServer.dll
c:\program files\explorer\bin\ImageServerLayer.dll
c:\program files\explorer\bin\IMSConnector.dll
c:\program files\explorer\bin\ImsFDB.dll
c:\program files\explorer\bin\IMSLayer.dll
c:\program files\explorer\bin\IMSLayerLib.dll
c:\program files\explorer\bin\IMSServiceLib.dll
c:\program files\explorer\bin\ImsWorkspaceFactory.dll
c:\program files\explorer\bin\InMemoryWorkspaceFactory.dll
c:\program files\explorer\bin\InputDevice3Dx.dll
c:\program files\explorer\bin\ja-JP\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\ja-JP\DADFRes.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\ja-JP\ResToolkitPro.dll
c:\program files\explorer\bin\kdu61.dll
c:\program files\explorer\bin\KmlLayer.dll
c:\program files\explorer\bin\LabelPlacement.dll
c:\program files\explorer\bin\Layer.dll
c:\program files\explorer\bin\LayerLib.dll
c:\program files\explorer\bin\lcms117lib.dll
c:\program files\explorer\bin\libcollada14dom21.dll
c:\program files\explorer\bin\libcurl.dll
c:\program files\explorer\bin\lti_dsdk_dll.dll
c:\program files\explorer\bin\Map.dll
c:\program files\explorer\bin\MapClient.dll
c:\program files\explorer\bin\MapDB.dll
c:\program files\explorer\bin\MapElements.dll
c:\program files\explorer\bin\MaplexEngineLib.dll
c:\program files\explorer\bin\MapLib.dll
c:\program files\explorer\bin\MappingCore.dll
c:\program files\explorer\bin\MappingCoreLib.dll
c:\program files\explorer\bin\MappingServicesLib.dll
c:\program files\explorer\bin\MapServer.dll
c:\program files\explorer\bin\MapServerLayer.dll
c:\program files\explorer\bin\Marker3DFile.dll
c:\program files\explorer\bin\MessageSupport.dll
c:\program files\explorer\bin\Microsoft.VC90.ATL\atl90.dll
c:\program files\explorer\bin\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest
c:\program files\explorer\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90u.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90u.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHS.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHT.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90DEU.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ENU.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESN.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESP.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90FRA.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ITA.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90JPN.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90KOR.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\Microsoft.VC90.MFCLOC.manifest
c:\program files\explorer\bin\Microsoft.VC90.OPENMP\Microsoft.VC90.OpenMP.manifest
c:\program files\explorer\bin\Microsoft.VC90.OPENMP\vcomp90.dll
c:\program files\explorer\bin\MosaicDB.dll
c:\program files\explorer\bin\msvcp71.dll
c:\program files\explorer\bin\msvcr71.dll
c:\program files\explorer\bin\Navigation.dll
c:\program files\explorer\bin\NetEngine80.dll
c:\program files\explorer\bin\Network.dll
c:\program files\explorer\bin\NetworkAnalystSolvers.dll
c:\program files\explorer\bin\NetworkDataset.dll
c:\program files\explorer\bin\OGCClient.dll
c:\program files\explorer\bin\OleFDB.dll
c:\program files\explorer\bin\OutputLib.dll
c:\program files\explorer\bin\PageLayout.dll
c:\program files\explorer\bin\pe.dll
c:\program files\explorer\bin\PlugInDataSource.dll
c:\program files\explorer\bin\PlugInWorkspaceFactory.dll
c:\program files\explorer\bin\PrintOut.dll
c:\program files\explorer\bin\RasterAnalysisUtilLib.dll
c:\program files\explorer\bin\RasterCatalog.dll
c:\program files\explorer\bin\RasterCoreLib.dll
c:\program files\explorer\bin\RasterDB.dll
c:\program files\explorer\bin\RasterEngine.dll
c:\program files\explorer\bin\RasterFormats.dat
c:\program files\explorer\bin\RasterGraphicElements.dll
c:\program files\explorer\bin\RasterIO.dll
c:\program files\explorer\bin\RasterLayer.dll
c:\program files\explorer\bin\RasterRenderer.dll
c:\program files\explorer\bin\RasterWorkspaceFactory.dll
c:\program files\explorer\bin\Renderers.dll
c:\program files\explorer\bin\RepresentationDB.dll
c:\program files\explorer\bin\RepresentationEffects.dll
c:\program files\explorer\bin\RepresentationLayer.dll
c:\program files\explorer\bin\RepresentationLib.dll
c:\program files\explorer\bin\RepresentationSymbols.dll
c:\program files\explorer\bin\SceneFilters.dll
c:\program files\explorer\bin\SceneGraph.dll
c:\program files\explorer\bin\sdcdbx.dll
c:\program files\explorer\bin\SDCPlugIn.dll
c:\program files\explorer\bin\sde.dll
c:\program files\explorer\bin\SdeFDB.dll
c:\program files\explorer\bin\SdeRasterDB.dll
c:\program files\explorer\bin\sdesetup.dll
c:\program files\explorer\bin\SdeWorkspaceFactory.dll
c:\program files\explorer\bin\ServerStyleGallery.dll
c:\program files\explorer\bin\sg.dll
c:\program files\explorer\bin\ShapefileFDB.dll
c:\program files\explorer\bin\ShapefileWorkspaceFactory.dll
c:\program files\explorer\bin\SimpleDataConverter.dll
c:\program files\explorer\bin\StyleGalleryClasses.dll
c:\program files\explorer\bin\SystemUIUtil.dll
c:\program files\explorer\bin\Terrain.dll
c:\program files\explorer\bin\TerrainLayer.dll
c:\program files\explorer\bin\TextFileWorkspaceFactory.dll
c:\program files\explorer\bin\TextureCookerService.exe
c:\program files\explorer\bin\TinDb.dll
c:\program files\explorer\bin\TinEngine.dll
c:\program files\explorer\bin\TinLayer.dll
c:\program files\explorer\bin\TinRenderer.dll
c:\program files\explorer\bin\TinWorkspaceFactory.dll
c:\program files\explorer\bin\ViewerCoreLib.dll
c:\program files\explorer\bin\VpfFDB.dll
c:\program files\explorer\bin\VpfWorkspaceFactory.dll
c:\program files\explorer\bin\WebServices.dll
c:\program files\explorer\bin\WMSLayer.dll
c:\program files\explorer\bin\xerces-c_2_7.dll
c:\program files\explorer\bin\XmlSupport.dat
c:\program files\explorer\bin\XMLSupport.dll
c:\program files\explorer\bin\XYEvents.dll
c:\program files\explorer\bin\zh-CN\applicationconfigurationmanager.resources.dll
c:\program files\explorer\bin\zh-CN\DADFRes.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\zh-CN\ResToolkitPro.dll
c:\program files\explorer\bin\zlib1.dll
c:\program files\explorer\bin\zlibwapi.dll
c:\program files\explorer\ColorProfiles\esriGray22.icc
c:\program files\explorer\ColorProfiles\Lab2Lab.icm
c:\program files\explorer\ColorProfiles\sRGB_IEC61966-2-1_noBPC.icc
c:\program files\explorer\ColorProfiles\USWebCoatedSWOP.icc
c:\program files\explorer\ColorProfiles\Xyz2Xyz.icm
c:\program files\explorer\com\com.zreg
c:\program files\explorer\com\esriE3.olb
c:\program files\explorer\license\ExplorerEnglishLicense.pdf
c:\program files\explorer\license\ExplorerFrenchLicense.pdf
c:\program files\explorer\license\ExplorerGermanLicense.pdf
c:\program files\explorer\license\ExplorerJapaneseLicense.pdf
c:\program files\explorer\license\ExplorerSimplChineseLicense.pdf
c:\program files\explorer\license\ExplorerSpanishLicense.pdf
c:\program files\explorer\PackageTemplates\ArcGISExplorer.stylesheet
c:\program files\explorer\PackageTemplates\Package931.template
c:\program files\explorer\pedata\gdaldata\coordinate_axis.csv
c:\program files\explorer\pedata\gdaldata\cubewerx_extra.wkt
c:\program files\explorer\pedata\gdaldata\ecw_cs.dat
c:\program files\explorer\pedata\gdaldata\ellipsoid.csv
c:\program files\explorer\pedata\gdaldata\epsg.wkt
c:\program files\explorer\pedata\gdaldata\esri_extra.wkt
c:\program files\explorer\pedata\gdaldata\gcs.csv
c:\program files\explorer\pedata\gdaldata\gdal_datum.csv
c:\program files\explorer\pedata\gdaldata\gdalicon.png
c:\program files\explorer\pedata\gdaldata\pcs.csv
c:\program files\explorer\pedata\gdaldata\prime_meridian.csv
c:\program files\explorer\pedata\gdaldata\projop_wparm.csv
c:\program files\explorer\pedata\gdaldata\s57attributes.csv
c:\program files\explorer\pedata\gdaldata\s57expectedinput.csv
c:\program files\explorer\pedata\gdaldata\s57objectclasses.csv
c:\program files\explorer\pedata\gdaldata\seed_2d.dgn
c:\program files\explorer\pedata\gdaldata\seed_3d.dgn
c:\program files\explorer\pedata\gdaldata\stateplane.csv
c:\program files\explorer\pedata\gdaldata\unit_of_measure.csv
c:\program files\explorer\plugins\explorerCore.ecfg
c:\program files\explorer\schemas\ExplorerAddIn.xsd
c:\program files\explorer\schemas\ExplorerGeometry.xsd
c:\program files\explorer\schemas\NmfDocument.xsd
c:\program files\explorer\Styles\default.css
c:\program files\explorer\Styles\Directions\CheckeredFlag16.png
c:\program files\explorer\Styles\Directions\GreenFlag16.png
c:\program files\explorer\Styles\Directions\Print16.png
c:\program files\explorer\Styles\ExplorerColors.de.xml
c:\program files\explorer\Styles\ExplorerColors.es.xml
c:\program files\explorer\Styles\ExplorerColors.fr.xml
c:\program files\explorer\Styles\ExplorerColors.ja-JP.xml
c:\program files\explorer\Styles\ExplorerColors.xml
c:\program files\explorer\Styles\ExplorerColors.zh-CN.xml
c:\program files\explorer\Styles\ExplorerSymbols.de.xml
c:\program files\explorer\Styles\ExplorerSymbols.es.xml
c:\program files\explorer\Styles\ExplorerSymbols.fr.xml
c:\program files\explorer\Styles\ExplorerSymbols.ja-JP.xml
c:\program files\explorer\Styles\ExplorerSymbols.xml
c:\program files\explorer\Styles\ExplorerSymbols.zh-CN.xml
c:\program files\explorer\Styles\kml.css
c:\program files\explorer\Styles\KMLIcons\american-flag.png
c:\program files\explorer\Styles\KMLIcons\arrow.png
c:\program files\explorer\Styles\KMLIcons\asian-flag.png
c:\program files\explorer\Styles\KMLIcons\auto-service.png
c:\program files\explorer\Styles\KMLIcons\auto.png
c:\program files\explorer\Styles\KMLIcons\bang.png
c:\program files\explorer\Styles\KMLIcons\bars.png
c:\program files\explorer\Styles\KMLIcons\building.png
c:\program files\explorer\Styles\KMLIcons\coffee_house_16.png
c:\program files\explorer\Styles\KMLIcons\crosshair.png
c:\program files\explorer\Styles\KMLIcons\dining.png
c:\program files\explorer\Styles\KMLIcons\dining_16.png
c:\program files\explorer\Styles\KMLIcons\dot.png
c:\program files\explorer\Styles\KMLIcons\fast-food.png
c:\program files\explorer\Styles\KMLIcons\four-dollars.png
c:\program files\explorer\Styles\KMLIcons\french-flag.png
c:\program files\explorer\Styles\KMLIcons\hand.png
c:\program files\explorer\Styles\KMLIcons\high_res_places.png
c:\program files\explorer\Styles\KMLIcons\highway_16.png
c:\program files\explorer\Styles\KMLIcons\italian-flag.png
c:\program files\explorer\Styles\KMLIcons\large_traffic_count_16.png
c:\program files\explorer\Styles\KMLIcons\mexican-flag.png
c:\program files\explorer\Styles\KMLIcons\misc_dining.png
c:\program files\explorer\Styles\KMLIcons\note.png
c:\program files\explorer\Styles\KMLIcons\one-dollar.png
c:\program files\explorer\Styles\KMLIcons\palette-2.png
c:\program files\explorer\Styles\KMLIcons\palette-3.png
c:\program files\explorer\Styles\KMLIcons\palette-4.png
c:\program files\explorer\Styles\KMLIcons\palette-5.png
c:\program files\explorer\Styles\KMLIcons\parks.png
c:\program files\explorer\Styles\KMLIcons\recreation.png
c:\program files\explorer\Styles\KMLIcons\school_16.png
c:\program files\explorer\Styles\KMLIcons\search.png
c:\program files\explorer\Styles\KMLIcons\streamed_layer.png
c:\program files\explorer\Styles\KMLIcons\streamed_layers.png
c:\program files\explorer\Styles\KMLIcons\terrain_16.png
c:\program files\explorer\Styles\KMLIcons\three-dollars.png
c:\program files\explorer\Styles\KMLIcons\transportation.png
c:\program files\explorer\Styles\KMLIcons\two-dollars.png
c:\program files\explorer\Styles\KMLIcons\webcam_16.png
c:\program files\explorer\Styles\SlideTitleStyles.de.xml
c:\program files\explorer\Styles\SlideTitleStyles.es.xml
c:\program files\explorer\Styles\SlideTitleStyles.fr.xml
c:\program files\explorer\Styles\SlideTitleStyles.ja-JP.xml
c:\program files\explorer\Styles\SlideTitleStyles.xml
c:\program files\explorer\Styles\SlideTitleStyles.zh-CN.xml
c:\program files\explorer\Styles\StyleSheet.xsl
c:\program files\explorer\Styles\SymbolImages\Civic\ATM.png
c:\program files\explorer\Styles\SymbolImages\Civic\Bank.png
c:\program files\explorer\Styles\SymbolImages\Civic\Bell.png
c:\program files\explorer\Styles\SymbolImages\Civic\Cemetery.png
c:\program files\explorer\Styles\SymbolImages\Civic\City.png
c:\program files\explorer\Styles\SymbolImages\Civic\Clue.png
c:\program files\explorer\Styles\SymbolImages\Civic\Crowd.png
c:\program files\explorer\Styles\SymbolImages\Civic\GhostTown.png
c:\program files\explorer\Styles\SymbolImages\Civic\Horn.png
c:\program files\explorer\Styles\SymbolImages\Civic\Housing.png
c:\program files\explorer\Styles\SymbolImages\Civic\MailPost.png
c:\program files\explorer\Styles\SymbolImages\Civic\Office.png
c:\program files\explorer\Styles\SymbolImages\Civic\Radioactive.png
c:\program files\explorer\Styles\SymbolImages\Civic\School.png
c:\program files\explorer\Styles\SymbolImages\Civic\StarsStripes.png
c:\program files\explorer\Styles\SymbolImages\Flag\CheckeredFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\GreenFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\RedFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\WhiteFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\YellowFlag.png
c:\program files\explorer\Styles\SymbolImages\Health\AidStation.png
c:\program files\explorer\Styles\SymbolImages\Health\Ambulance.png
c:\program files\explorer\Styles\SymbolImages\Health\Doctor.png
c:\program files\explorer\Styles\SymbolImages\Health\Health.png
c:\program files\explorer\Styles\SymbolImages\Health\Hospital.png
c:\program files\explorer\Styles\SymbolImages\Health\Pharmacy.png
c:\program files\explorer\Styles\SymbolImages\Marine\AmberBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BlackBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BlueBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BoatsKeepOut.png
c:\program files\explorer\Styles\SymbolImages\Marine\ControlledArea.png
c:\program files\explorer\Styles\SymbolImages\Marine\Danger.png
c:\program files\explorer\Styles\SymbolImages\Marine\DiverDown.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenRedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenSquareDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenWhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\OrangeBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\PersonOverboard.png
c:\program files\explorer\Styles\SymbolImages\Marine\RadioBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedGreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedSquareDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedTriangleDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedWhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\SkullandCrossbones.png
c:\program files\explorer\Styles\SymbolImages\Marine\UnderwaterOperations.png
c:\program files\explorer\Styles\SymbolImages\Marine\VioletBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteGreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteRedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\Wreck.png
c:\program files\explorer\Styles\SymbolImages\Placemark\ArrowYellow.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Capital1.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Capital2.png
c:\program files\explorer\Styles\SymbolImages\Placemark\CircleX.png
c:\program files\explorer\Styles\SymbolImages\Placemark\CrossHair.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated1.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated2.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated3.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated4.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated5.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated6.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated7.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Star.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\AmusementPark.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Bar.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Camera.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\CameraWeb.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\CellPhone.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Coffee.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Dam.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\DepartmentStore.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Dining.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\DrinkingWater.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\FastFood.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\FitnessCenter.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Forest.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Globe.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Information.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\InformationQuestion.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\LandLine.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Light.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\LiveShow.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Mine.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\MovieTheater.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Museum.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\News.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Note.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\OilWell.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Pizza.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Pub.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Question.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\RealEstate.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Reservoir.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Restroom.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Shopping.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Shower.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Stadium.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\TowerShort.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\TowerTall.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Zoo.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Burglary.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireFighter.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireStation.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireTruck.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Homicide.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Police.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceCar.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceOfficer.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceStation.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Theft.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BlackPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BluePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BrownPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\GrayPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\GreenPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\LightBluePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\OrangePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\PinkPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\PurplePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\RedPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\SpringGreenPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\WhitePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\YellowPushpin.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Beach.png
c:\program files\explorer\Styles\SymbolImages\Recreation\BoatLaunch.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Bowling.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Camping.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Deer.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Fishing.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Geocache.png
c:\program files\explorer\Styles\SymbolImages\Recreation\GeocacheFound.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Gliding.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Golf.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Hiking.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Mountain.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Park.png
c:\program files\explorer\Styles\SymbolImages\Recreation\RestArea.png
c:\program files\explorer\Styles\SymbolImages\Recreation\RVPark.png
c:\program files\explorer\Styles\SymbolImages\Recreation\SkyDiving.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Sports.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Swimming.png
c:\program files\explorer\Styles\SymbolImages\Recreation\TrackBack.png
c:\program files\explorer\Styles\SymbolImages\Recreation\WaterSkiing.png
c:\program files\explorer\Styles\SymbolImages\Sphere\BlueSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\GreenSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\OrangeSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\PurpleSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\RedSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\YellowSphere.png
c:\program files\explorer\Styles\SymbolImages\Square\BlackWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Square\BlueWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Square\WhiteWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BlackStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BlueStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BrownStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\GrayStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\GreenStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\LightBlueStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\OrangeStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\PinkStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\PurpleStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\RedStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\SpringGreenStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\WhiteStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\YellowStickpin.png
c:\program files\explorer\Styles\SymbolImages\Transparent\Transparent.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Airplane.png
c:\program files\explorer\Styles\SymbolImages\Transportation\AirStrip.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Breakdown.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Bus.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarGreenBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarGreenFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRedBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRedFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRental.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRepair.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarYellowBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarYellowFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\ConvenienceStore.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Crossing.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Fuel.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterGreen.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterRed.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterYellow.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Landingpad.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Lodging.png
c:\program files\explorer\Styles\SymbolImages\Transportation\MileMarker.png
c:\program files\explorer\Styles\SymbolImages\Transportation\MountainPass.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Overpass.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Parking.png
c:\program files\explorer\Styles\SymbolImages\Transportation\PrivateField.png
c:\program files\explorer\Styles\SymbolImages\Transportation\RoadClosure.png
c:\program files\explorer\Styles\SymbolImages\Transportation\RoadWork.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Sailing.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Scales.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Seaplane.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Tank.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Toll.png
c:\program files\explorer\Styles\SymbolImages\Transportation\TrafficAccident.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Tunnel.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Ultralight.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningRed.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningYellow.png
c:\program files\explorer\Styles\SymbolImages\Transportation\YellowSemiTractor.png
c:\program files\explorer\Styles\SymbolImages\Weather\Cloudy.png
c:\program files\explorer\Styles\SymbolImages\Weather\HeatAdvisory.png
c:\program files\explorer\Styles\SymbolImages\Weather\Lightning.png
c:\program files\explorer\Styles\SymbolImages\Weather\PartlySunny.png
c:\program files\explorer\Styles\SymbolImages\Weather\Rain.png
c:\program files\explorer\Styles\SymbolImages\Weather\Snow.png
c:\program files\explorer\Styles\SymbolImages\Weather\Sunny.png
c:\program files\explorer\Styles\Template.ncfg
c:\program files\explorer\TilingSchemes\ArcGIS_Online_Bing_Maps_Google_Maps.xml
c:\program files\explorer\TilingSchemes\GoogleMapsVersions.xml
c:\program files\explorer\TilingSchemes\Yahoo.xml
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\@
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\L\[email protected]
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\U\[email protected]
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\U\[email protected]
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\U\[email protected]
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\U\[email protected]
c:\program files\Google\Desktop\Install\{9a4c2295-5282-08c7-e67b-877e27be270b}\0103~1\0103~1\CFFE~1\{9a4c2295-5282-08c7-e67b-877e27be270b}\U\[email protected]
.
.
((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 )))))))))))))))))))))))))))))))
.
.
2013-08-17 21:59 . 2013-08-17 21:59 -------- d-----w- C:\1bb7d858529563ae421b1949
2013-08-17 21:35 . 2013-08-17 21:35 -------- d-----w- C:\571d9f75a08cda6038bb04987d9e6278
2013-08-14 22:01 . 2013-08-14 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-08-13 16:46 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A990EF55-8BEC-4560-9241-B2ABC636D9CA}\mpengine.dll
2013-08-12 15:20 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 02:50 . 2011-04-18 18:18 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 20:08 . 2012-04-22 01:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 20:08 . 2012-04-22 01:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 04:55 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-25 05:17 . 2004-08-10 12:00 826880 ----a-w- c:\windows\system32\wmvdmod.dll
2010-06-24 20:08 . 2010-06-24 19:58 69586 ----a-w- c:\program files\Halliburton_Log_Viewer.exe
2010-01-08 18:12 . 2010-01-08 18:12 529288 ----a-w- c:\program files\smartdraw_10J_FCIXM_setup gantt chart.exe
2008-03-26 14:24 . 2008-03-26 14:24 9575424 ----a-w- c:\program files\HalliburtonLogViewPro950Install.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-02 169472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2012-4-15 82026]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-2 24576]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2006-6-12 299008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [7/8/2009 3:48 PM 440616]
S2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [7/8/2009 3:48 PM 1410856]
S2 gupdate1c9985165b5feae;Google Update Service (gupdate1c9985165b5feae);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2009 3:32 PM 133104]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/25/2013 6:05 PM 245760]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:09]
.
2013-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-12 01:27]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-10 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-04-19 07:15]
.
2013-08-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-08 16:21]
.
2013-08-20 c:\windows\Tasks\User_Feed_Synchronization-{933C1E9B-CCED-49BD-B3FC-E8FA76368C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-22 20:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-458396208-2465111547-1707193820-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-08-22 20:45:23
ComboFix-quarantined-files.txt 2013-08-23 01:45
ComboFix2.txt 2012-06-19 13:34
.
Pre-Run: 10,090,393,600 bytes free
Post-Run: 11,700,297,728 bytes free
.
- - End Of File - - ACBE7143E523539A5CA37D0BB930629C
DEA9E81F0228B68C9ADAF84C9B0CF931
Old 08-22-2013, 09:54 PM   #8
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Quote:
First I modified the name of Combofix that I loaded today, adding a date after it to differentiate it from an old combofix.exe file still on my flash drive from my 2012 computer problem
Combofix is frequently updated, sometimes several times a day. Therefore, it's best not to keep old copies of Combofix. Also, Combofix would have asked you if you wanted the old copy replaced with the new one. So, there was no need to rename it.

It appears that the Recovery Console was installed when you ran Combofix the last time.

Combofix has removed some files which appear to belong to ArcGIS Explorer Desktop, as it has installed itself in a way that mimics malware. Are you using this program?

Are you able to boot to Normal Mode now? If so, please double click on Combofix.exe and run the program one more time from the Normal Mode and post the Combofix.txt in your next reply.
Old 08-23-2013, 02:33 PM   #9
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



I am currently not using ArcGIS Explorer Desktop. I haven't for quite a while. If I need to, I will probably need to update it anyway.

Regarding Normal Mode booting, I have always been able to boot up in this mode and it showed that I had an internet connection. The only concern I had was that each time I did, the darn malware virus ISdtp window would always open up, and I just thought that having this active while running Combofix would interfere with the cleanup process.

SOME GOOD NEWS TO REPORT. THIS TIME WHEN BOOTING UP IN NORMAL MODE on the infected computer (or maybe not infected), NO ISdtp window POPPED UP. YOUR ASSISTANCE APPEARS TO HAVE RID ME OF THE MALWARE THAT STARTED THIS JOURNEY.

THANKS A BUNCH!!!!!!!!

Anyway, attached is the Combofix.txt from the previously infected computer done in NORMAL MODE.

Awaiting further instructions.

ComboFix 13-08-22.01 - Ray 08/23/2013 11:07:54.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1270 [GMT -5:00]
Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 )))))))))))))))))))))))))))))))
.
.
2013-08-23 16:02 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC427AA0-3681-4EA3-B3A1-292C50A16272}\mpengine.dll
2013-08-23 15:52 . 2013-08-23 15:52 -------- d-----w- c:\windows\LastGood
2013-08-17 21:59 . 2013-08-17 21:59 -------- d-----w- C:\1bb7d858529563ae421b1949
2013-08-17 21:35 . 2013-08-17 21:35 -------- d-----w- C:\571d9f75a08cda6038bb04987d9e6278
2013-08-14 22:01 . 2013-08-14 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-08-13 16:46 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 02:50 . 2011-04-18 18:18 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 20:08 . 2012-04-22 01:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 20:08 . 2012-04-22 01:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 04:55 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 20:08 . 2010-06-24 19:58 69586 ----a-w- c:\program files\Halliburton_Log_Viewer.exe
2010-01-08 18:12 . 2010-01-08 18:12 529288 ----a-w- c:\program files\smartdraw_10J_FCIXM_setup gantt chart.exe
2008-03-26 14:24 . 2008-03-26 14:24 9575424 ----a-w- c:\program files\HalliburtonLogViewPro950Install.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-02 169472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2012-4-15 82026]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-2 24576]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2006-6-12 299008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [7/8/2009 3:48 PM 440616]
S2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [7/8/2009 3:48 PM 1410856]
S2 gupdate1c9985165b5feae;Google Update Service (gupdate1c9985165b5feae);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2009 3:32 PM 133104]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/25/2013 6:05 PM 245760]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:09]
.
2013-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-12 01:27]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-10 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-04-19 07:15]
.
2013-08-23 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-08 16:21]
.
2013-08-23 c:\windows\Tasks\User_Feed_Synchronization-{933C1E9B-CCED-49BD-B3FC-E8FA76368C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-23 11:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-458396208-2465111547-1707193820-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WININET.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-08-23 11:31:30
ComboFix-quarantined-files.txt 2013-08-23 16:31
ComboFix2.txt 2013-08-23 01:45
ComboFix3.txt 2012-06-19 13:34
.
Pre-Run: 9,345,130,496 bytes free
Post-Run: 9,341,554,688 bytes free
.
- - End Of File - - 7264D8A61581A23E9A5452C1BD29C65C
DEA9E81F0228B68C9ADAF84C9B0CF931
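The ComboFix logs posted in this thread list every Run-key value and Scheduled Task the tool found, and a reviewer reads those sections by hand. As an added editor's example, not code from this thread, from ComboFix or from Malwarebytes, here is a small Python parser that pulls the autostart entries out of a log in this format and flags the few a reviewer would want to double-check: a bare file name with no directory (resolved through the PATH search order), a binary outside the Windows or Program Files trees, and Run entries under the HKEY_USERS\.DEFAULT hive. SAMPLE_LOG is an excerpt constructed from the log above; the flag rules are this example's own heuristics and a flag means "look closer", not "malicious".

```python
import re

# Excerpt constructed from the ComboFix log posted above (Reg Loading Points and
# Scheduled Tasks sections, trimmed to a few representative lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:09]
.
2013-08-10 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-04-19 07:15]
"""

# Line shapes used by ComboFix's "Reg Loading Points" and "Scheduled Tasks" sections.
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
TASK_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (.+\.job)$', re.IGNORECASE)
TASK_TARGET_RE = re.compile(r'^- (.+) \[([^\]]+)\]$')


def parse_autostarts(log_text):
    """Return the Run-key values and Scheduled Task targets found in a ComboFix log."""
    entries = []
    current_key = None   # registry key the following "name"="path" lines belong to
    pending_task = None  # .job file whose "- target" line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            entries.append({"source": current_key, "name": m.group(1), "path": m.group(2),
                            "date": m.group(3), "size": int(m.group(4))})
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(2)
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_task:
            entries.append({"source": pending_task, "name": pending_task.rsplit("\\", 1)[-1],
                            "path": m.group(1), "date": m.group(2), "size": None})
            pending_task = None
    return entries


# Directories where the autostart binaries in this log normally live (example's assumption).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def review_flags(entry):
    """Reasons a reviewer should double-check an entry (this example's heuristics, not ComboFix's)."""
    reasons = []
    # Drop trailing command-line switches such as "OSA.EXE -b -l" (heuristic: cut at first " -").
    binary = entry["path"].split(" -", 1)[0].lower()
    if "\\" not in binary:
        reasons.append("bare file name: resolved through the PATH search order, confirm which copy runs")
    elif not binary.startswith(EXPECTED_ROOTS):
        reasons.append("binary outside the Windows or Program Files trees")
    if entry["source"].lower().startswith("hkey_users\\.default\\"):
        reasons.append("Run entry under the .DEFAULT profile hive, confirm the program is expected there")
    return reasons


def triage(log_text):
    """Map entry name -> reasons, for entries that raise at least one flag."""
    result = {}
    for entry in parse_autostarts(log_text):
        reasons = review_flags(entry)
        if reasons:
            result[entry["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the excerpt above this flags exactly two entries: SigmatelSysTrayApp, because its value is the bare name stsystra.exe rather than a full path, and DWQueuedReporting, because it sits under the .DEFAULT hive. Both are known legitimate components on this machine; the point of the flags is only to direct a second look, which is the same judgement the helper applies when reading the log.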
Old 08-24-2013, 12:37 AM   #10
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

You're welcome. The main infection has been dealt with. Is MSE working now? Time to look for remnants, if any.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebytes', and select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note:

**Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

Your java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the Java program(s) installed.
Next, download the latest Java, version 7 update 25 from the following link
Download Free Java Software

======================

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
Old 08-26-2013, 06:58 PM   #11
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



Hi AMATEUR

I am very sorry for the long delay in reply. I had just too many things happening on the weekend. Also, the last scan ESET took about 8+ hours and caused me to let it finish during the early morning hours when I was asleep.

Shown below are the scan logs you’ve requested. I am reporting these directly in the reply and not as an attachment. I believe that’s how you want it. You didn’t exactly ask for the MBAM log but I included it anyway.

Some flukes, for lack of a better word, did occur during the tasks.

One gripe I always have in downloading software is that there are so many software programs being marketed on the same page that it is sometimes difficult and time-consuming to find the right download button for the actual software I want to download. Now that I got that off my chest.


During the download of the updated Java software, I did get back two error messages. The first one I was able to jot down, and its content is shown below as best as I can decipher my own handwriting:

Downloaded file C:\Documents & Settings\Data\Sun\Java\Jre1.70_25
Java_Sp.dll is corrupt

I am somewhat unsure of the correctness of that which is underlined but I think all the characters are correct, I am just unsure of the spaces and alphamerics.

For the second error, I was only able to get the Window name. The name was

Error-Java Installer

It was not a long definition but the window disappeared before I could write anything down.

Other than the long scan time of ESET, the only other delays were caused by two BLUESCREENS. This is an occurrence that has been happening to me every once in a while. I just haven’t taken the time to resolve it.

__________________________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.24.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ray :: AGGIELAND [administrator]
8/24/2013 2:17:08 PM
MBAM-log-2013-08-24 (15-00-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267854
Time elapsed: 32 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{108A39BF-4ED1-4293-B11A-06BD521FB8F7} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7} (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache (PUP.Optional.Tarma.A) -> No action taken.
Files Detected: 14
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20100628211932.log (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz (PUP.Optional.Tarma.A) -> No action taken.
(end)

___________________________________________________________
# AdwCleaner v3.001 - Report created 24/08/2013 at 16:04:41
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ray - AGGIELAND
# Running from : C:\Documents and Settings\Ray\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found C:\Documents and Settings\All Users\Application Data\Premium
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\myBabylon_English
Folder Found C:\Documents and Settings\Ray\IECompatCache
Folder Found C:\Documents and Settings\Ray\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Ray\Local Settings\Application Data\ConduitEngine
Folder Found C:\Documents and Settings\Ray\Local Settings\Application Data\myBabylon_English
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Free Offers from Freeze.com
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\myBabylon_English
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1486055-DF58-4F25-AFF7-2E1DE5758666}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A90E5E-59F4-4BB1-B00D-8A3D317C8CC7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA612688-6266-4BB5-B591-EEB07EFB5DC1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB76F55C-9B42-408D-B4C5-7612E8221823}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\myBabylon_English Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F1486055-DF58-4F25-AFF7-2E1DE5758666}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\myBabylon_English
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

*************************
AdwCleaner[R0].txt - [9001 octets] - [24/08/2013 16:04:41]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9061 octets] ##########

_____________________________________________________________
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Ray\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\f6cc253-32fceee4 a variant of Java/Exploit.Agent.PDE trojan
C:\Documents and Settings\Ray\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7\27dfd747-738de51b a variant of Java/Exploit.CVE-2012-0507.FU trojan
C:\Documents and Settings\Ray\My Documents\CD Burner\CD Burner.exe a variant of Win32/InstallIQ.A application
C:\RECYCLER\S-1-5-21-458396208-2465111547-1707193820-1005\Dc1.exe Win32/DownloadAdmin.G application
crudeoil is offline  
Old 08-27-2013, 12:51 AM   #12
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

No worries about the delay. Online scans can take time depending on what's on the machine.

ESET is flagging the CD Burner.exe because it's an installation application. If you're not going to use it again, you may delete it.

C:\Documents and Settings\Ray\My Documents\CD Burner\CD Burner.exe

==========================

Malwarebytes has detected Tarma Installer, which is a PUP (Potentially Unwanted Program). It doesn't necessarily mean malware.

If you installed Tarma yourself willingly, then you can ignore this detection. If you were not aware this was installed or don't know the program, then it means it was probably installed without your notice (because you would be aware of it otherwise). In that case, you can let Malwarebytes delete what it has found.


===========================

Quote:
Downloaded file C:\Documents & Settings\Data\Sun\Java\Jre1.70_25
Java_Sp.dll is corrupt
Try the offline installation here:

Java Downloads for All Operating Systems

Select the Windows Offline 32-bit and download it to your desktop.

Go to Start>Control Panel>Add or Remove Programs and remove Java 7 Update 11.

Then run the offline Java installation.

If it's still giving you the error, right click on the Java Installer on your desktop, and select Properties from the menu.

Select the Compatibility tab.

Check the "Run This Program in Compatibility Mode for" check box and select Windows XP (Service Pack 3) from the pull down.

Under Privilege Level, check the "Run This Program as an Administrator" box. Then hit OK.

Now, try running the installer again.

Once the installation is complete, go into the Control Panel and double-click the Java icon (looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

This will remove the ESET detections in the Java cache as well.

========================

Let's use Combofix to remove the remaining detections:

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

===========================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Disable your Security Applications

Code:
File::
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\enemies-names.txt 
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\local.ini
C:\RECYCLER\S-1-5-21-458396208-2465111547-1707193820-1005\Dc1.exe
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


==========================

Quote:
One gripe I always have in downloading software is that there are so many software programs being marketed on the same page that it is sometimes difficult and time consuming in finding the right download button for the actual software I want to download.
You're absolutely right. It's very annoying, but there is nothing we can do about that. You'll just have to be very careful about not downloading anything else, and also unchecking any other software that's included with the download.

==========================

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


===========================


Quote:
Other than the long scan time of ESET, the only other delays were caused by two BLUESCREENS. This is an occurrence that has been happening to me every once in a while. I just haven’t taken the time to resolve it.
Let's use another tool to check for rootkits.

When you run this tool, it's important to remember to choose Skip not 'Cure' if it finds something. We are interested in a scan only, not a fix.
  • Download TDSSKiller.exe
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, Change the action to Skip. Do NOT allow it to Cure anything.
  • Once complete, a log will be produced at the root drive, which is typically C:\
    For example, C:\TDSSKiller<version_date_time>log.txt
  • Attach that log, please.
amateur is offline  
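The triage applied in the reply above (Java cache hits go away when the cache is purged from the Java Control Panel, the CD Burner installer is the user's call, and everything else goes into the File:: section of CFScript.txt), written out as an added Python example. This is not code from the thread, from ESET or from ComboFix; the sample log lines are constructed from the ESET detections quoted in post #11, and the bucket rules are this example's own assumptions about how the helper decided.

```python
"""Sort ESET Online Scanner detections into removal buckets.

Added example, not from the thread or any tool's own code.  Bucket rules
(assumptions that mirror the helper's reasoning in this thread):
  * java_cache  - files under the Java Deployment cache; clearing the cache
                  from the Java Control Panel removes them
  * user_choice - a bundler/installer "application" in the user's own
                  documents; the user decides whether to keep it
  * cfscript    - everything else, emitted as the File:: section that
                  ComboFix reads from CFScript.txt
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the six ESET lines as quoted in post #11.
SAMPLE_ESET_LOG = r"""
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Ray\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\f6cc253-32fceee4 a variant of Java/Exploit.Agent.PDE trojan
C:\Documents and Settings\Ray\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7\27dfd747-738de51b a variant of Java/Exploit.CVE-2012-0507.FU trojan
C:\Documents and Settings\Ray\My Documents\CD Burner\CD Burner.exe a variant of Win32/InstallIQ.A application
C:\RECYCLER\S-1-5-21-458396208-2465111547-1707193820-1005\Dc1.exe Win32/DownloadAdmin.G application
"""

# One ESET log line is "<path> <verdict> <kind>".  The path may contain
# spaces, so it is matched lazily up to a verdict shaped like Family/Name,
# optionally prefixed with "a variant of" / "probably a variant of".
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<verdict>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+) "
    r"(?P<kind>\w+)$"
)


@dataclass
class Detection:
    path: str
    verdict: str
    kind: str  # "application" (potentially unwanted) or "trojan" in the sample

    @property
    def bucket(self) -> str:
        """Assign the detection to one of the three removal buckets."""
        lower = self.path.lower()
        if "\\sun\\java\\deployment\\cache\\" in lower:
            return "java_cache"
        if "\\my documents\\" in lower and self.kind == "application":
            return "user_choice"
        return "cfscript"


def parse_eset_log(text: str) -> List[Detection]:
    """Parse ESET result lines; lines that do not fit the pattern are skipped."""
    found: List[Detection] = []
    for line in text.splitlines():
        match = _LINE.match(line.strip())
        if match:
            found.append(Detection(match["path"], match["verdict"], match["kind"]))
    return found


def triage(detections: List[Detection]) -> Dict[str, List[Detection]]:
    """Group detections by bucket, keeping the log's original order."""
    buckets: Dict[str, List[Detection]] = {
        "java_cache": [], "user_choice": [], "cfscript": []
    }
    for det in detections:
        buckets[det.bucket].append(det)
    return buckets


def build_cfscript(detections: List[Detection]) -> str:
    """Return the File:: section for CFScript.txt, one full path per line."""
    return "\n".join(["File::"] + [det.path for det in detections]) + "\n"


if __name__ == "__main__":
    result = triage(parse_eset_log(SAMPLE_ESET_LOG))
    for name, items in result.items():
        print(f"{name}: {len(items)} detection(s)")
    print(build_cfscript(result["cfscript"]))
```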
Old 09-01-2013, 02:36 PM   #13
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



Finally able to get to a point to get my reports to you. The combination of computer interruptions occurring in the midst of scans as well as some personal delays, as in car drive belt failure/repair, have really delayed my response to your last directives. I will try to include as much detail in what has occurred as possible to assist you in assisting me in my continuing diagnosis and resolution.

I was able to complete all tasks up to TDSSKiller execution. At the moment I am having trouble again in connecting to the internet through my wireless network, the AT&T 2Wire gateway. I do get a listing of the networks available to connect to, and when I click connect it tries, but then retries to connect, and this keeps going on and on and on.

Let me start at the beginning

Since I don't use CD Burner I went ahead and deleted it. My only problem in this step was that I was not able to just delete the folder. When I tried doing this it kept giving me an IN USE rejection to delete. Instead, I was allowed to delete the files and folders in the Burner folder. Now I just have an empty CD Burner folder.

I also updated my MBAM to remove the Tarma malware but after running a quick scan, it did not find any Tarma malware there.

I was successful in installing the updated Java by the offline process. Prior to completing this I did have a bluescreen occurrence while I was uninstalling the updated Java that did get installed last time. Anyway, after a hard shutdown during the bluescreen, everything progressed exactly in the manner suggested in the procedure after I restarted the computer.

I had to do the Combofix/CFScript scan twice because I got another bluescreen during the scanning process. Also, when I saved the CFScript file as type "all files" it did not have the .txt after its name like shown in the instructions. Anyway, after a second run I did get a scan log.

The ADWCleaner scan completed successfully.

Since it was getting late after the ADWCleaner scan finished, I did not attempt to do the TDSSKiller scan until the next morning. It was at this time that I encountered my wireless connection attempt cycling. I hit the connect button but it fails to connect, and the button seems to go from connect to disconnect on its own.

I am providing the Combofix/CFScript and ADWCleaner scan below.
I hope this is helpful.

___________________________________________________
ComboFix 13-08-29.02 - Ray 08/29/2013 20:41:37.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1311 [GMT -5:00]
Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ray\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\enemies-names.txt"
"c:\documents and settings\Ray\Application Data\D9358A550FA30F192E2CEA67EA42EA0E\local.ini"
"c:\recycler\S-1-5-21-458396208-2465111547-1707193820-1005\Dc1.exe"
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 01:31 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3543733D-47BB-466A-91AB-23D67A051368}\mpengine.dll
2013-08-28 22:19 . 2013-08-28 22:19 -------- d-----w- c:\documents and settings\Ray\.jinit
2013-08-28 17:37 . 2013-08-28 17:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-28 17:37 . 2013-08-28 17:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-28 17:33 . 2013-08-28 17:33 -------- d-----w- C:\Sun
2013-08-28 15:28 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-26 17:13 . 2013-08-29 22:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-24 21:03 . 2013-08-24 21:05 -------- d-----w- C:\AdwCleaner
2013-08-24 19:11 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-23 17:07 . 2013-08-23 17:07 17139080 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-17 21:59 . 2013-08-17 21:59 -------- d-----w- C:\1bb7d858529563ae421b1949
2013-08-17 21:35 . 2013-08-17 21:35 -------- d-----w- C:\571d9f75a08cda6038bb04987d9e6278
2013-08-14 22:01 . 2013-08-14 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-28 17:36 . 2012-06-11 20:39 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-28 17:36 . 2010-07-02 19:03 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-23 17:08 . 2012-04-22 01:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-23 17:08 . 2012-04-22 01:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 22:20 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47 . 2004-08-10 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-10 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-10 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-19 02:50 . 2011-04-18 18:18 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23 . 2004-08-10 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 20:08 . 2010-06-24 19:58 69586 ----a-w- c:\program files\Halliburton_Log_Viewer.exe
2010-01-08 18:12 . 2010-01-08 18:12 529288 ----a-w- c:\program files\smartdraw_10J_FCIXM_setup gantt chart.exe
2008-03-26 14:24 . 2008-03-26 14:24 9575424 ----a-w- c:\program files\HalliburtonLogViewPro950Install.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-02 169472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2012-4-15 82026]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-2 24576]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2006-6-12 299008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 MpKsl7421789a;MpKsl7421789a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAD4817-7E57-45B2-9993-1C01F87870C2}\MpKsl7421789a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAD4817-7E57-45B2-9993-1C01F87870C2}\MpKsl7421789a.sys [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/24/2013 2:11 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2013 2:11 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2013 2:11 PM 22856]
S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [7/8/2009 3:48 PM 440616]
S2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [7/8/2009 3:48 PM 1410856]
S2 gupdate1c9985165b5feae;Google Update Service (gupdate1c9985165b5feae);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2009 3:32 PM 133104]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/25/2013 6:05 PM 245760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/26/2013 12:13 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 17:08]
.
2013-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-12 01:27]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 20:32]
.
2013-08-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
2013-08-28 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-04-19 07:15]
.
2013-08-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-08 16:21]
.
2013-08-30 c:\windows\Tasks\User_Feed_Synchronization-{933C1E9B-CCED-49BD-B3FC-E8FA76368C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-29 21:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-458396208-2465111547-1707193820-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-08-29 21:09:49
ComboFix-quarantined-files.txt 2013-08-30 02:09
ComboFix2.txt 2013-08-23 16:31
ComboFix3.txt 2013-08-23 01:45
ComboFix4.txt 2012-06-19 13:34
.
Pre-Run: 8,722,006,016 bytes free
Post-Run: 8,808,255,488 bytes free
.
- - End Of File - - 207F4FAB0DB00D31E41B081640B4D6E7
DEA9E81F0228B68C9ADAF84C9B0CF931
__________________________________________________
# AdwCleaner v3.001 - Report created 29/08/2013 at 22:31:02
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ray - AGGIELAND
# Running from : C:\Documents and Settings\Ray\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\myBabylon_English
Folder Deleted : C:\Documents and Settings\Ray\IECompatCache
Folder Deleted : C:\Documents and Settings\Ray\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Ray\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Ray\Local Settings\Application Data\myBabylon_English
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1486055-DF58-4F25-AFF7-2E1DE5758666}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\myBabylon_English
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\myBabylon_English
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\myBabylon_English Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

*************************
AdwCleaner[R0].txt - [9141 octets] - [24/08/2013 16:04:41]
AdwCleaner[R1].txt - [9201 octets] - [29/08/2013 22:16:46]
AdwCleaner[S0].txt - [6629 octets] - [29/08/2013 22:31:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6689 octets] ##########
crudeoil is offline  
Old 09-02-2013, 01:51 AM   #14
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Quote:
Since I don't use CDburner I went ahead and deleted it. My only problem in this step was that I was not able to just delete the folder. When I tried doing this it kept giving me an IN USE rejection to delete. Instead, I was allowed to delete the files and folders in the Burner folder. Now I just have an empty cdburner folder.
That's fine. You should be able to delete the folder now. Alternately, you can delete it in Safe Mode.

Quote:
I was successful in installing the updated JAVA by the offline process.
Good.

Quote:
Also when I saved the CFScript file as type "all files" it did not have the .txt after its name like shown in the instruction
If your system is set not to show file extensions, you won't be able to see it.

The blue screen issue may not be related to malware though. Have you been able to run TDSSKiller later? Let's try another scanner to rule out rootkit.

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.


Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  • Check for Updates, then Scan your system for malware.
  • If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. Also, if you get an AppInit_Dlls rootkit warning, please do not select to fix it. Just continue with the scan. When completed you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt.

Please post the contents of that log in your next reply.
amateur is offline  
Old 09-03-2013, 07:19 PM   #15
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



I had a lot more narrative here but when I hit send reply, my response time had expired and I lost my explanation. I wish I would have saved it but I am just too brain dead now to try to remember it. I wish I would have saved it first to WORD before I hit REPLY.

Anyway the essence is that I still have the wireless connection attempt cycling problem occurring. Still not able to get to the internet. Maybe that is what eventually is causing my more frequent BSs now.

The TDSSKiller scan located no threats. I have attached a screen shot of the window report after the scan was complete.

The MBAR scan log is copied to the reply below. I do not know if there was any malware located because the computer had a shut down and restart while I was away but it seemed to have saved a log of the scan. I did see the window regarding the AppInit_Dlls rootkit warning and I clicked on NO.

I am going to attach a WORD doc to show you what occurs regarding the cycling wireless connection attempt.

Look forward to your reply.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1440636928
Host not found
Initializing...
=======================================
------------ Kernel report ------------
09/02/2013 21:24:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\hiber_WMILIB.SYS
\SystemRoot\system32\drivers\63461599.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8a38c900
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8a3a9ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6eaab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6ee940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6eaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6ca930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6eaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6ee940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 143508645
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 143605035 Numsec = 9735390
Disk Size: 78518522880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-153336490-153356490)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a38c900, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3a1020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a38c900, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3a9ea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 16 Numsec = 7813104
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4000317440 bytes
Sector size: 512 bytes
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1479725056
=======================================
Initializing...
------------ Kernel report ------------
09/03/2013 11:52:49
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR6
Upper Device Object: 0xffffffff8891e5b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a252838
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a708ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a70b940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a708ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6cb930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a708ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a70b940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
crudeoil is offline  
Old 09-04-2013, 01:57 AM   #16
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

MBAR log appears to be cut off. Are you sure you posted the entire content of the log?

  • Open the Malwarebytes Anti-Rootkit folder.
  • Locate fixdamage.exe within the \mbar\Plugins folder and double click on it. In Windows Vista and Windows 7, approve the UAC prompt.
  • fixdamage.exe will open a command window.
  • You will be asked if you want to continue. Type y if you do.
  • A reboot request may be made after the fix. Type y in the command prompt, and allow the computer to be rebooted.
  • Even if a reboot request was not made after running FixDamage.exe, please restart the computer.

Once back in Windows, please send the following logs as attachments to your reply. These logs are located in the Malwarebytes Anti-Rootkit folder.
  • mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
  • system-log.txt
amateur is offline  
Old 09-04-2013, 06:49 PM   #17
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



In my previous reply, I did copy the entire MBAR scan system-log.txt from the first MBAR scan I ran. The reason why all of it was not there might be due to the possible premature stoppage of the scan due to a BlueScreen (BS) event. One did occur at a time during the first run when I was away from the computer. However, because the MBAR folder was saved in the system tray to the lower left, I just assumed that the scan finished completely.

Another indicator it might have been incomplete was the absence of the file mbar-log-2013-xx-xx(xx-xx-xx).txt that you requested in your last reply to me. The only text file the first MBAR run produced was the system-log.txt.

Consequently, I decided to re-download MBAR today via Flash drive to my computer and rerun it again. Before I did this I did do the fixdamage.exe step and all other steps.

I did have to run the MBAR twice due to another BS occurrence during the first attempt today. I did monitor the scan closer the second time and was able to see that the MBAR scan went to completion on the second scan today and the result was "NO MALWARE FOUND".
Shown below are the scans you requested.

Maybe in time you will assist me with what to do in getting my wireless connection made. Referring to the attachment I sent last time, which shows the actions and windows appearing when the computer tries to make a connection, I have gone a little further in trying to understand what needs to be done.

One thing is that the wi-fi device name Belkin suggested in being used from the drop-down list of that particular window may be the 2wire ATT gateway that I have. At least in checking Google, Belkin now may have combined with ATT. The only problem is that to proceed further I need to know the device ownership password. Google search suggests the password is on the gateway. When you start inputting the 10 character PW, it declares that Checksum validation fails before all password 3s are put in. Others on Google suggest it must be a 7 character PW. I just don't know what it is or how to find it.

Anyway, the information you requested is below.

I look forward to your reply.

_______________________________________________________
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.07.26.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ray :: AGGIELAND [administrator]
9/4/2013 3:35:50 PM
mbar-log-2013-09-04 (15-35-50).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 266617
Time elapsed: 2 hour(s), 1 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

_________________________________________________

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1440636928
Host not found
Initializing...
=======================================
------------ Kernel report ------------
09/02/2013 21:24:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\hiber_WMILIB.SYS
\SystemRoot\system32\drivers\63461599.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8a38c900
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8a3a9ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6eaab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6ee940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6eaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6ca930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6eaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6ee940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 143508645
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 143605035 Numsec = 9735390
Disk Size: 78518522880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-153336490-153356490)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a38c900, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3a1020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a38c900, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3a9ea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 16 Numsec = 7813104
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4000317440 bytes
Sector size: 512 bytes
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1479725056
=======================================
Initializing...
------------ Kernel report ------------
09/03/2013 11:52:49
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR6
Upper Device Object: 0xffffffff8891e5b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a252838
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a708ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a70b940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a708ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6cb930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a708ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a70b940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 143508645
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 143605035 Numsec = 9735390
Disk Size: 78518522880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-153336490-153356490)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8891e5b8, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88916e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8891e5b8, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a252838, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 16 Numsec = 7813104
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4000317440 bytes
Sector size: 512 bytes
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1416732672
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1437458432
Host not found
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1403957248
Host not found
Initializing...
=======================================
------------ Kernel report ------------
09/04/2013 14:50:34
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR8
Upper Device Object: 0xffffffff886b7838
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xffffffff8876cea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6f2ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6f6940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6f2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6ca930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6f2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6f6940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 143508645
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 143605035 Numsec = 9735390
Disk Size: 78518522880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-153336490-153356490)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff886b7838, DeviceName: \Device\Harddisk1\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88802020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff886b7838, DeviceName: \Device\Harddisk1\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8876cea0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR8\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 16 Numsec = 7813104
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4000317440 bytes
Sector size: 512 bytes
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1684709376
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2137382912, free: 1427353600
Host not found
=======================================
Initializing...
------------ Kernel report ------------
09/04/2013 15:35:37
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff88cbeab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff88e04548
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6c4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6c8940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6c4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6f4930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6c4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6c8940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 143508645
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 143605035 Numsec = 9735390
Disk Size: 78518522880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-153336490-153356490)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff88cbeab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88e642a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff88cbeab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88e04548, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 16 Numsec = 7813104
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4000317440 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_96390_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
crudeoil is offline  
Old 09-05-2013, 05:40 AM   #18
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

The logs are not showing any rootkit, or any other malware. The BSODs you're experiencing may be due to hardware/software issues. You might like to ask our Windows XP section of the forum to have a look at your BSOD problem. They are the experts in that field and are doing an excellent job. Please tell them that you've been cleared of malware.

Quote:
One thing is that the wi-fi device name Belkin suggested in being used from the drop-down list of that particular window may be the 2wire ATT gateway that I have. At least in checking Google, Belkin now may have combined with ATT. The only problem is that to proceed further I need to know the device ownership password.
I'm sorry, but we cannot help with passwords. You can contact your ISP and try to reset the router with them. You can also ask for help in the Networking section of the forum. They won't be able to provide you with password help, but they can see if the issue is something other than the password.

Having said that, I would like to check for any missing services.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
amateur is offline  
Old 09-05-2013, 08:53 AM   #19
Registered Member
 
Join Date: May 2012
Posts: 57
OS: Xp



I hope you are sitting down, because I am actually responding the quickest I ever have. In the past there have been so many interruptions. This time everything fell into place. It was also not a big assignment.

In all seriousness, I am so grateful for your patience and help.

Thank you for letting me know the other areas of TSF I can check for my wireless connection problem.

The Farbar scan is below:


Farbar Service Scanner Version: 05-09-2013
Ran by Ray (administrator) on 05-09-2013 at 10:41:10
Running from "D:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) NetBT(12) PSched(7) Tcpip(3) Tcpip6(13)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.
**** End of log ****
crudeoil is offline  
Old 09-05-2013, 09:25 AM   #20
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



You're welcome. The services look fine too. As I mentioned earlier, it's time to contact your ISP, and try to resolve the internet connection problem with them.
amateur is offline  