Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Registry repair/still having issues [Solved]


  • This topic is locked This topic is locked
132 replies to this topic

#76 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 06 February 2014 - 11:34 AM

Yep.  That's the easiest way to do it. :thumbup:


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#77 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 01:32 PM

 
System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: BEAU
Windows Drive: C:\
Windows Path: C:\WINDOWS
Current Profile: C:\Documents and Settings\Beaub
Current Profile SID: S-1-5-21-1715567821-884357618-839522115-1004
Current Profile Classes: S-1-5-21-1715567821-884357618-839522115-1004_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Beaub\Local Settings\Application Data
--------------------------------------------------------------------------------
 
Starting Repairs...
   Start (2/7/2014 6:59:39 AM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (2/7/2014 6:59:39 AM)
   Running Repair Under Current User Account
   Done (2/7/2014 6:59:51 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (2/7/2014 6:59:51 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:00:53 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (2/7/2014 7:00:53 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:01:25 AM)
 
03 - Register System Files
   Start (2/7/2014 7:01:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:03:54 AM)
 
04 - Repair WMI
   Start (2/7/2014 7:03:54 AM)
   Running Repair Under Current User Account
   Done (2/7/2014 7:07:32 AM)
 
05 - Repair Windows Firewall
   Start (2/7/2014 7:07:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:07:43 AM)
 
06 - Repair Internet Explorer
   Start (2/7/2014 7:07:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:10 AM)
 
07 - Repair MDAC/MS Jet
   Start (2/7/2014 7:09:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:25 AM)
 
08 - Repair Hosts File
   Start (2/7/2014 7:09:25 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:09:27 AM)
 
09 - Remove Policies Set By Infections
   Start (2/7/2014 7:09:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:32 AM)
 
11 - Repair Icons
   Start (2/7/2014 7:09:32 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:09:34 AM)
 
12 - Repair Winsock & DNS Cache
   Start (2/7/2014 7:09:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:43 AM)
 
14 - Repair Proxy Settings
   Start (2/7/2014 7:09:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:48 AM)
 
16 - Repair Windows Updates
   Start (2/7/2014 7:09:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:15 AM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (2/7/2014 7:10:15 AM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (2/7/2014 7:10:15 AM)
 
18 - Repair Volume Shadow Copy Service
   Start (2/7/2014 7:10:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:32 AM)
 
20 - Repair MSI (Windows Installer)
   Start (2/7/2014 7:10:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:47 AM)
 
22.01 - Repair bat Association
   Start (2/7/2014 7:10:47 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:51 AM)
 
22.02 - Repair cmd Association
   Start (2/7/2014 7:10:51 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:56 AM)
 
22.03 - Repair com Association
   Start (2/7/2014 7:10:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:01 AM)
 
22.04 - Repair Directory Association
   Start (2/7/2014 7:11:01 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:05 AM)
 
22.05 - Repair Drive Association
   Start (2/7/2014 7:11:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:10 AM)
 
22.06 - Repair exe Association
   Start (2/7/2014 7:11:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:16 AM)
 
22.07 - Repair Folder Association
   Start (2/7/2014 7:11:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:21 AM)
 
22.08 - Repair inf Association
   Start (2/7/2014 7:11:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:26 AM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (2/7/2014 7:11:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:30 AM)
 
22.10 - Repair msc Association
   Start (2/7/2014 7:11:30 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:35 AM)
 
22.11 - Repair reg Association
   Start (2/7/2014 7:11:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:40 AM)
 
22.12 - Repair scr Association
   Start (2/7/2014 7:11:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:44 AM)
 
23 - Repair Windows Safe Mode
   Start (2/7/2014 7:11:44 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:49 AM)
 
24 - Repair Print Spooler
   Start (2/7/2014 7:11:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:00 AM)
 
25 - Restore Important Windows Services
   Start (2/7/2014 7:12:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:04 AM)
 
26 - Set Windows Services To Default Startup
   Start (2/7/2014 7:12:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:19 AM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (2/7/2014 7:12:19 AM)
   Total Repair Time: 00:12:40
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account


#78 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 01:39 PM

Great.  As it was going through the SFC procedure (that's the part where it wanted the disk) did it find any files that needed restored?


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#79 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 01:45 PM

I'm not sure. I put it running and left for work.



#80 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 01:47 PM

No problem.

 

Please run me a new set of DDS logs.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#81 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 01:53 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 8:29:26 AM
System Uptime: 2/7/2014 1:44:18 PM (0 hours ago)
.
Motherboard: Dell Inc |  | 0UW457
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2  | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 28.982 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.007 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1669.267 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3008: 12/28/2013 4:00:24 AM - Software Distribution Service 3.0
RP3009: 12/29/2013 4:00:22 AM - Software Distribution Service 3.0
RP3010: 12/29/2013 4:18:54 AM - Software Distribution Service 3.0
RP3011: 12/29/2013 11:30:04 PM - Software Distribution Service 3.0
RP3012: 12/30/2013 4:00:21 AM - Software Distribution Service 3.0
RP3013: 12/31/2013 4:08:10 AM - Software Distribution Service 3.0
RP3014: 12/31/2013 10:33:08 AM - Software Distribution Service 3.0
RP3015: 1/1/2014 4:00:19 AM - Software Distribution Service 3.0
RP3016: 1/2/2014 4:00:21 AM - Software Distribution Service 3.0
RP3017: 1/2/2014 4:17:24 AM - Software Distribution Service 3.0
RP3018: 1/3/2014 4:00:24 AM - Software Distribution Service 3.0
RP3019: 1/4/2014 4:00:21 AM - Software Distribution Service 3.0
RP3020: 1/4/2014 4:16:47 AM - Software Distribution Service 3.0
RP3021: 1/5/2014 4:00:19 AM - Software Distribution Service 3.0
RP3022: 1/5/2014 10:47:58 AM - Software Distribution Service 3.0
RP3023: 1/6/2014 3:15:54 AM - Software Distribution Service 3.0
RP3024: 1/6/2014 4:13:43 AM - Software Distribution Service 3.0
RP3025: 1/7/2014 4:07:09 AM - Software Distribution Service 3.0
RP3026: 1/8/2014 4:06:49 AM - Software Distribution Service 3.0
RP3027: 1/8/2014 6:56:36 PM - Software Distribution Service 3.0
RP3028: 1/9/2014 4:07:10 AM - Software Distribution Service 3.0
RP3029: 1/10/2014 4:07:47 AM - Software Distribution Service 3.0
RP3030: 1/10/2014 1:23:43 PM - Software Distribution Service 3.0
RP3031: 1/11/2014 4:02:37 AM - Software Distribution Service 3.0
RP3032: 1/11/2014 6:37:20 PM - Software Distribution Service 3.0
RP3033: 1/12/2014 9:28:08 AM - Software Distribution Service 3.0
RP3034: 1/12/2014 5:05:21 PM - System Checkpoint
RP3035: 1/12/2014 11:04:42 PM - Software Distribution Service 3.0
RP3036: 1/13/2014 4:00:18 AM - Software Distribution Service 3.0
RP3037: 1/14/2014 4:00:19 AM - Software Distribution Service 3.0
RP3038: 1/14/2014 4:16:36 AM - Software Distribution Service 3.0
RP3039: 1/15/2014 4:00:30 AM - Software Distribution Service 3.0
RP3040: 1/16/2014 4:06:27 AM - Software Distribution Service 3.0
RP3041: 1/16/2014 9:20:10 PM - Software Distribution Service 3.0
RP3042: 1/17/2014 4:00:19 AM - Software Distribution Service 3.0
RP3043: 1/18/2014 4:00:20 AM - Software Distribution Service 3.0
RP3044: 1/18/2014 4:17:55 AM - Software Distribution Service 3.0
RP3045: 1/19/2014 4:00:24 AM - Software Distribution Service 3.0
RP3046: 1/19/2014 10:57:18 PM - Software Distribution Service 3.0
RP3047: 1/20/2014 4:00:19 AM - Software Distribution Service 3.0
RP3048: 1/21/2014 4:00:18 AM - Software Distribution Service 3.0
RP3049: 1/21/2014 4:16:10 AM - Software Distribution Service 3.0
RP3050: 1/22/2014 4:00:18 AM - Software Distribution Service 3.0
RP3051: 1/23/2014 4:00:20 AM - Software Distribution Service 3.0
RP3052: 1/23/2014 4:17:06 AM - Software Distribution Service 3.0
RP3053: 1/24/2014 4:06:45 AM - Software Distribution Service 3.0
RP3054: 1/24/2014 7:24:26 AM - Software Distribution Service 3.0
RP3055: 1/25/2014 4:06:23 AM - Software Distribution Service 3.0
RP3056: 1/25/2014 7:33:15 AM - Software Distribution Service 3.0
RP3057: 1/26/2014 8:45:07 AM - Software Distribution Service 3.0
RP3058: 1/26/2014 9:04:18 AM - Software Distribution Service 3.0
RP3059: 1/26/2014 11:23:41 PM - Software Distribution Service 3.0
RP3060: 1/27/2014 4:00:18 AM - Software Distribution Service 3.0
RP3061: 1/28/2014 4:00:19 AM - Software Distribution Service 3.0
RP3062: 1/28/2014 4:16:35 AM - Software Distribution Service 3.0
RP3063: 1/29/2014 4:00:22 AM - Software Distribution Service 3.0
RP3064: 1/30/2014 4:00:19 AM - Software Distribution Service 3.0
RP3065: 1/30/2014 4:17:12 AM - Software Distribution Service 3.0
RP3066: 1/31/2014 7:22:21 AM - System Checkpoint
RP3067: 1/31/2014 7:16:56 PM - Malwarebytes Anti-Rootkit Restore Point
RP3068: 2/1/2014 4:00:17 AM - Software Distribution Service 3.0
RP3069: 2/1/2014 3:34:09 PM - Software Distribution Service 3.0
RP3070: 2/2/2014 4:00:18 AM - Software Distribution Service 3.0
RP3071: 2/2/2014 7:46:05 PM - Software Distribution Service 3.0
RP3072: 2/2/2014 11:20:35 PM - Software Distribution Service 3.0
RP3073: 2/3/2014 4:00:18 AM - Software Distribution Service 3.0
RP3074: 2/4/2014 4:00:18 AM - Software Distribution Service 3.0
RP3075: 2/4/2014 4:16:48 AM - Software Distribution Service 3.0
RP3076: 2/5/2014 4:00:17 AM - Software Distribution Service 3.0
RP3077: 2/6/2014 4:00:17 AM - Software Distribution Service 3.0
RP3078: 2/6/2014 4:16:07 AM - Software Distribution Service 3.0
RP3079: 2/7/2014 4:00:22 AM - Software Distribution Service 3.0
RP3080: 2/7/2014 6:55:37 AM - Software Distribution Service 3.0
RP3081: 2/7/2014 6:58:34 AM - Tweaking.com - Windows Repair
RP3082: 2/7/2014 6:59:08 AM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Photoshop 7.0
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AI-Aircraft Editor Version 2.1.0.23
AIO_Scan
AMR to MP3 Converter 1.4
AnyToISO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Mover
ArcSoft Panorama Maker 4
ASPCA Reminder by We-Care.com v4.1.22.1
Athlon 64 Processor Driver
Avanquest update
AviSynth 2.5
Bing Bar
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
C5200
C5200_doccd
c5200_Help
CardRd81
CCleaner
CCScore
ClipGrab 3.3.0.2
Compatibility Pack for the 2007 Office system
Content Transfer
Copy
CR2
Critical Security Update
CustomerResearchQFolder
CutePDF Writer 3.0
Dealio Toolbar v8.2
Defraggler
Delta Force - Black Hawk Down
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
EditVoicepack
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Expstudio Audio Editor FREE
Fax
File Uploader
Fisher-Price Photo Software
Flight Deck 6 for FS2004
Free M4a to MP3 Converter 7.1
Free Mp3 Wma Converter V 1.9
Glary Utilities 4.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iTunes
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 7.0.0 (Standard)
KATL Atlanta
KEDDS
Kodak EasyShare digital display software
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Military AI Works - RAF Lakenheath 48th FW 
MobileMe Control Panel
Motorola Driver Installation 4.5.0
Mouse Suite for Desktop Computers
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR® Racing 2007 Season
netbrdg
Nikon Message Center
Nikon Transfer
NNC Series Mod
NRatings
NVIDIA Drivers
OfotoXMI
PanoStandAlone
PGA Championship Golf 2000
Picasa 3
Prop-Liners Collection
PS Panels 737NG Version 1.1
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Secunia PSI (3.0.0.9015)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
SimCity 2000® Special Edition
skin0001
SKINXSDK
SolutionCenter
Sonic Activation Module
Spy Sweeper
staticcr
Status
swMSM
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
tooltips
TrayApp
Tweaking.com - Windows Repair (All in One)
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB971029)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WD SmartWare
WebFldrs XP
WebReg
WinDirStat 1.1.2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.2
WinX Free AVI to WMV Converter 4.0.15
WinX Free FLV to MP3 Converter 2.0.7
WinX Free FLV to WMV Converter 4.1.9
WinX Free MOV to MP4 Converter 4.1.11
WinX Free MOV to WMV Converter 4.1.11
WinX Free MP4 to AVI Converter 4.1.12
WinX Free MP4 to WMV Converter 4.1.10
WinZip 14.5
WIRELESS
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
2/3/2014 1:55:45 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
2/1/2014 4:06:23 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
2/1/2014 4:06:23 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
2/1/2014 4:04:16 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
2/1/2014 4:01:03 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
2/1/2014 3:21:08 PM, error: sptd [4]  - Driver detected an internal error in its data structures for .
2/1/2014 10:10:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  General access denied error
1/31/2014 8:40:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  General access denied error
1/31/2014 7:19:37 PM, error: Service Control Manager [7000]  - The Process creation detector. service failed to start due to the following error:  The system cannot find the file specified.
1/31/2014 7:19:36 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi PCIIde
1/31/2014 7:19:23 PM, error: Print [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
1/31/2014 7:17:00 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.
1/31/2014 6:21:39 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 2:00:00 PM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  General access denied error
1/31/2014 1:14:00 PM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  General access denied error
.
==== End Of File ===========================
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Beaub at 13:52:22 on 2014-02-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1082 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BackupNoCDBurning = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262200055895
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369003957641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{67A097C5-EA5A-4A00-B984-FC00705A6157} : DHCPNameServer = 192.168.2.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\beaub\application data\mozilla\firefox\profiles\0ixibutj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-11-29 13504]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 214696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-29 16512]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-20 30464]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys --> c:\windows\system32\drivers\revoflt.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-9 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
.
=============== Created Last 30 ================
.
2014-02-07 19:43:25 115880 ------w- c:\windows\system32\pxinsi64.exe
2014-02-07 19:43:25 114856 ------w- c:\windows\system32\pxcpyi64.exe
2014-02-07 19:36:23 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14c7d5c5-c9b0-4206-8dac-7bf61bdedc48}\mpengine.dll
2014-02-07 12:56:27 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2014-02-07 12:56:24 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2014-02-07 12:56:22 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2014-02-07 12:56:19 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2014-02-07 12:56:15 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2014-02-07 12:56:06 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2014-02-07 12:56:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2014-02-07 12:56:01 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2014-02-07 12:55:57 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2014-02-07 12:55:56 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2014-02-07 12:55:55 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2014-02-07 12:55:33 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2014-02-07 12:55:27 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2014-02-07 12:55:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2014-02-07 12:55:16 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2014-02-07 12:55:11 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2014-02-07 12:55:08 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2014-02-07 12:55:03 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2014-02-07 12:55:02 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2014-02-07 12:55:01 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2014-02-07 12:53:57 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2014-02-07 12:52:59 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2014-02-07 12:51:59 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2014-02-07 12:50:59 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2014-02-07 12:49:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2014-02-07 12:48:58 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2014-02-07 12:47:59 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2014-02-07 12:46:59 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2014-02-07 12:45:59 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2014-02-07 12:44:54 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2014-02-07 12:43:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2014-02-07 12:42:57 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2014-02-07 12:41:59 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2014-02-07 12:40:59 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2014-02-07 12:39:57 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2014-02-07 12:38:51 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2014-02-07 12:37:53 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2014-02-07 12:36:58 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2014-02-07 12:35:58 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2014-02-07 12:34:59 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2014-02-07 12:33:59 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2014-02-07 12:32:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2014-02-06 10:16:10 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-03 19:17:54 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web
2014-02-03 19:17:53 -------- d-----w- c:\documents and settings\beaub\Doctor Web
2014-02-01 21:14:11 -------- d-----w- c:\program files\Tweaking.com
2014-02-01 16:16:48 -------- d-----w- C:\FRST
2014-01-31 19:07:02 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 19:02:01 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 03:59:24 98816 ----a-w- c:\windows\sed.exe
2014-01-31 03:59:24 256000 ----a-w- c:\windows\PEV.exe
2014-01-31 03:59:24 208896 ----a-w- c:\windows\MBR.exe
2014-01-26 03:35:34 -------- d-----w- c:\program files\CCleaner
2014-01-17 03:23:22 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M  ====================
.
2014-01-24 21:27:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 21:27:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-11 09:01:26 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:25:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 03:57:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-11-18 01:18:34 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 20:33:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-52 -> Harddisk0\DR0 -> \Device\00000063 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A4975D0]<< 
_asm { MOV EAX, 0x8a4974f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a439b9c; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8A43A8D8]
\Driver\Disk[0x8A436A60] -> IRP_MJ_CREATE -> 0x8A4975D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a4975d0
user & kernel MBR OK 
Warning: possible MBR rootkit infection !
.
============= FINISH: 13:54:30.26 ===============
 


#82 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 02:36 PM

I believe things are OK now... let's run a double check.

 

MBRCheck
Please download MBRCheck.exe to your desktop.
 

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#83 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 05:00 PM

mbr check.JPG



#84 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 05:01 PM

not sure if this is an unknown bootcode or not??



#85 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 05:07 PM

Nope.  It appears to me to say "Windows XP MBR code detected"... which is a good thing.  I don't know why gmer's tool keeps saying there might be a MBR problem with ntkrnlpa.exem but it seems to check out fine.

 

How are things running now?   If you haven't done so, give it a test drive and then let me know.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#86 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 05:09 PM

MBRCheck, version 1.2.3
© 2010, AD
 
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005c
 
Kernel Drivers (total 140):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F79000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F68000 pci.sys
  0xBA0A8000 isapnp.sys
  0xB9E95000 sptd.sys
  0xB9E7D000 \WINDOWS\System32\Drivers\SPTD4733.SYS
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA0B8000 MountMgr.sys
  0xB9E5E000 ftdisk.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xB9E46000 atapi.sys
  0xB9E2C000 nvata.sys
  0xBA338000 cercsr6.sys
  0xB9E14000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9DF4000 fltmgr.sys
  0xB9DE2000 sr.sys
  0xB9DB2000 MpFilter.sys
  0xB9D9C000 DRVMCDB.SYS
  0xBA0F8000 PxHelp20.sys
  0xB9D85000 KSecDD.sys
  0xB9D72000 WudfPf.sys
  0xB9CE5000 Ntfs.sys
  0xB9CB8000 NDIS.sys
  0xB9C9E000 Mup.sys
  0xBA5AC000 BootDefragDriver.sys
  0xBA218000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xB8DFB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB8DE7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xBA3C0000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB8DC3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA228000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA248000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB8DA0000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA3D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xBA258000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
  0xB8D6C000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
  0xB8C6D000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xB8BC6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA3D8000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB8B9E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA7CA000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB94D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9C5A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB8B87000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB94C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB94B6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8B76000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB94A6000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA3F0000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB9496000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA3F8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA5F2000 \SystemRoot\system32\DRIVERS\serscan.sys
  0xBA5F4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB8B18000 \SystemRoot\system32\DRIVERS\update.sys
  0xB9C52000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8994000 \SystemRoot\system32\drivers\sthda.sys
  0xB8970000 \SystemRoot\system32\drivers\portcls.sys
  0xB9486000 \SystemRoot\system32\drivers\drmk.sys
  0xB9476000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB9466000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA604000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0xBA606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA710000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA608000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA428000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0xB9446000 \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
  0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xBA438000 \SystemRoot\System32\drivers\vga.sys
  0xBA60A000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA60C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB91DE000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB6378000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB631F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB62F7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB91DA000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xB62D5000 \SystemRoot\System32\drivers\afd.sys
  0xBA278000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA450000 \SystemRoot\System32\Drivers\StarOpen.SYS
  0xB62AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB6212000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB61EC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xBA458000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xBA570000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xBA460000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xBA468000 \SystemRoot\system32\DRIVERS\HPZius12.sys
  0xBA470000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xBA158000 \SystemRoot\system32\DRIVERS\HPZid412.sys
  0xBA574000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
  0xBA578000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xBA188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xBA580000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xBA584000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xBA1B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB610A000 \SystemRoot\System32\Drivers\dump_nvata.sys
  0xBA61A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB9C6E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA490000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA735000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF45C000 \SystemRoot\System32\ATMFD.DLL
  0xB616C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0xBA7F2000 \SystemRoot\System32\DLA\DLADResM.SYS
  0xB51AA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0xBA4A8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0xBA620000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xBA4B0000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0xBA348000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xB5194000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xB517D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xB509D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB3E48000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB4FAD000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB3709000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB3832000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB3689000 \SystemRoot\system32\DRIVERS\srv.sys
  0xBA488000 \SystemRoot\system32\drivers\npf.sys
  0xBA4A0000 \??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\mbr.sys
  0xB397A000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14C7D5C5-C9B0-4206-8DAC-7BF61BDEDC48}\MpKsl233f5647.sys
  0xAF4D3000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll
 
Processes (total 51):
       0 System Idle Process
       4 System
     388 C:\WINDOWS\system32\smss.exe
     436 csrss.exe
     460 C:\WINDOWS\system32\winlogon.exe
     504 C:\WINDOWS\system32\services.exe
     516 C:\WINDOWS\system32\lsass.exe
     676 C:\WINDOWS\system32\svchost.exe
     736 svchost.exe
     800 C:\Program Files\Microsoft Security Client\MsMpEng.exe
     840 C:\WINDOWS\system32\svchost.exe
     884 C:\WINDOWS\system32\svchost.exe
    1060 svchost.exe
    1108 svchost.exe
    1196 C:\WINDOWS\system32\spoolsv.exe
    1444 C:\WINDOWS\explorer.exe
    1552 C:\Program Files\Creative\Mixer\CTSVolFE.exe
    1568 C:\Program Files\Glary Utilities 4\Integrator.exe
    1584 C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
    1604 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    1640 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    1696 C:\Program Files\real\realplayer\Update\realsched.exe
    1748 C:\Program Files\iTunes\iTunesHelper.exe
    1756 C:\Program Files\Microsoft Security Client\msseces.exe
    1776 C:\WINDOWS\system32\ctfmon.exe
    1888 C:\Program Files\WinZip\WZQKPICK.EXE
     796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1024 C:\Program Files\Bonjour\mDNSResponder.exe
     992 C:\WINDOWS\system32\svchost.exe
    1076 C:\Program Files\Google\Update\GoogleUpdate.exe
    1964 C:\WINDOWS\system32\svchost.exe
    1992 C:\Program Files\Java\jre7\bin\jqs.exe
    2096 C:\WINDOWS\system32\svchost.exe
    2284 C:\WINDOWS\system32\nvsvc32.exe
    2300 C:\WINDOWS\system32\svchost.exe
    2324 C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2336 C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2416 C:\Program Files\Secunia\PSI\sua.exe
    2624 C:\WINDOWS\system32\svchost.exe
    2636 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2688 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2776 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2872 wmpnetwk.exe
    3348 C:\Program Files\iPod\bin\iPodService.exe
    3728 alg.exe
    3336 C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2464 C:\WINDOWS\system32\wuauclt.exe
    1104 C:\WINDOWS\system32\notepad.exe
    2536 C:\WINDOWS\system32\notepad.exe
     376 C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
     704 C:\Documents and Settings\Beaub\Desktop\MBRCheck.exe
 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
 
PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-52
PhysicalDrive1 Model Number: WDCWD20EZRX-00D8PB0, Rev: 80.00A80
 
      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
   1863 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 
 
Done!


#87 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 05:10 PM

It does seem to be running better



#88 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 05:30 PM

I think we are finally ready to clean you up and let you get back to your regularly scheduled life.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox  and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Combofix_uninstall_image.jpg

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

 

Clean up with delfix:

  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process


Please re-enable any security that was disabled.

 

If you have any tools or logs left... just delete them.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#89 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 07 February 2014 - 05:48 PM

I have read and understand.

I happen to put in a thumb drive to see if that issue was fixed, and nothing. No detection that it is there???



#90 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 February 2014 - 06:40 PM

Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
    Copy and Paste everything from the Quote box into Notepad:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    "UpperFilters"=-
    "LowerFilters"=-


    Make sure there are NO blank lines before REGEDIT4

    Go to File > Save As
    Save File name as Fix.reg
    Change Save as Type to All Files and save the file to your desktop.

    Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.
After reboot, let me know if it can now see your thumb drive.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users