Inactive Poor performance - various issues


JAllman

The PC is acting buggy again. It locks up frequently, and sometimes it boots up to no icons on the desktop. I get an error about high memory use by svchost.exe.

I appreciate any help you can offer. Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6174

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/26/2011 10:08:47 AM
mbam-log-2011-03-26 (10-08-47).txt

Scan type: Quick scan
Objects scanned: 204584
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-27 19:10:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3200822AS rev.3.02
Running: lzcgnt2n.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A32C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A32C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A32C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A32C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-1b 8A32C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-13 8A32C27F
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskST3200822AS_____________________________3.02____#5&22185c32&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 19:16:16.06 on Sun 03/27/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.947 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mianotes5.notes.assurant.com/dwa85W.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mianotes5.notes.assurant.com/iNotes6W.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mianotes5.notes.assurant.com/dwa8W.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
Filter: text/html - {658bb697-7be1-4711-9739-4f7f78ea3636} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 63.135.80.49 ilovemrsyoubear.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\13zt6r9k.default user\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\symds.sys [2010-12-27 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\symefa.sys [2010-12-27 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-14 800376]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\ironx86.sys [2010-12-27 136312]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccsvchst.exe [2010-12-27 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110325.001\IDSXpx86.sys [2011-3-25 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110327.001\NAVENG.SYS [2011-3-27 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110327.001\NAVEX15.SYS [2011-3-27 1360760]
.
=============== Created Last 30 ================
.
2011-03-25 04:15:17 -------- d-----w- C:\TDSSKiller_Quarantine
2011-03-25 02:22:50 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2009-10-02 02:56:25 13899 ----a-w- c:\program files\common files\xikikoli.bin
2009-10-02 02:56:25 13567 ----a-w- c:\program files\common files\roryruni.exe
2009-10-02 02:56:25 13317 ----a-w- c:\program files\common files\zacaji.reg
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200822AS rev.3.02 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A32C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a3327d0]; MOV EAX, [0x8a33284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x8A34BAB8]
3 CLASSPNP[0xBA90905B] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\00000060[0x8A350F18]
5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> [0x8A361D98]
\Driver\atapi[0x8A3901C0] -> IRP_MJ_CREATE -> 0x8A32C439
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskST3200822AS_____________________________3.02____#5&22185c32&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A32C27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:18:01.06 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2008 10:21:21 AM
System Uptime: 3/27/2011 6:59:25 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 121.658 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.998 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Compaq Connections
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Compaq (remove only)
D-Link VGA Webcam
Final Drive Nitro from Compaq (remove only)
Help and Support Additions
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet 3840
HP Help and Support 4.0
HP Software Update
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
KBD
Lexibox Deluxe from Compaq (remove only)
LightScribe System Software 1.17.90.1
Malwarebytes' Anti-Malware
Meeting Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MLB.TV NexDef Plug-in
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Overball from Compaq (remove only)
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Pinnacle Instant DVD Recorder
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shooting Stars Pool from Compaq (remove only)
SiS VGA Utilities
Slyder from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Compaq (remove only)
Tradewinds from Compaq (remove only)
TVAnts 1.0
TVUPlayer 2.5.2.2
Update for Windows XP (KB898461)
Update for Windows XP (KB927891)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
3/25/2011 7:26:05 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
3/24/2011 11:15:50 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
I'll say Welcome back- but you'd probably rather not be in this forum! It's been several months.

Good indication of a rootkit!
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double-click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
=====================================
There are only 2 threads on the internet with Host: ilovemrsyoubear.com: this one and yours from last November! And the IP is for My Space?
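The "Hosts:" line DDS reports and the reply above picks out is an entry from the Windows hosts file, which overrides DNS for that name. As an added example (not from this thread, nor from the DDS or TDSSKiller authors), the Python below parses either a hosts file or the Hosts: lines of a DDS log and flags entries that send a name to a routable address instead of loopback or a 0.0.0.0 sinkhole; the sample hosts text, including the ads.example.net line, is constructed, with one entry mirroring the line in this thread.

```python
"""Flag hosts-file entries that point a name away from loopback.

DDS reports entries from %SystemRoot%\\system32\\drivers\\etc\\hosts as
"Hosts: <ip> <name>".  A hosts entry overrides DNS for that name, so an
entry mapping a domain to a routable address redirects that domain without
any DNS lookup.  Such an entry is not proof of malware (admins add them
too), but it is worth verifying who put it there.  All sample text below
is constructed for this example.
"""
import ipaddress
import re
from typing import List, Tuple

HostsEntry = Tuple[str, str]  # (ip address, hostname)

# Constructed hosts-file sample: the default Windows header, the loopback
# lines, an ad-blocker style sinkhole, and one entry mirroring the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net       # sinkholed by an ad blocker
63.135.80.49    ilovemrsyoubear.com
"""

# Constructed excerpt of a DDS "Pseudo HJT Report" section.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
Hosts: 63.135.80.49 ilovemrsyoubear.com
"""


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return (ip, hostname) pairs from hosts-file text; comments are ignored."""
    entries: List[HostsEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address: malformed line
        entries.extend((ip, name.lower()) for name in names)
    return entries


_DDS_HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.IGNORECASE)


def parse_dds_hosts(text: str) -> List[HostsEntry]:
    """Return (ip, hostname) pairs from the 'Hosts:' lines of a DDS log."""
    entries: List[HostsEntry] = []
    for line in text.splitlines():
        m = _DDS_HOSTS.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def redirecting_entries(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Keep entries whose address is neither loopback nor the 0.0.0.0/:: sinkhole.

    Loopback and unspecified addresses only block or localise a name; any
    other address sends traffic for that name to a host of someone's choosing.
    """
    flagged: List[HostsEntry] = []
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name))
    return flagged


def check_hosts_file(path: str) -> List[HostsEntry]:
    """Read a real hosts file (path supplied by the caller) and return its redirecting entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return redirecting_entries(parse_hosts(fh.read()))


if __name__ == "__main__":
    for src, found in (("hosts file", parse_hosts(SAMPLE_HOSTS)),
                       ("DDS log", parse_dds_hosts(SAMPLE_DDS))):
        for ip, name in redirecting_entries(found):
            print(f"{src}: {name} is redirected to {ip}; verify who added it")
```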
 
Yes, I wish I didn't have to come back here. Anyway, the help was great last time and I am impressed with the quick response again.

What exactly does Host: ilovemrsyoubear.com mean?

Anyway, here is the log from TDSSKiller. I guess it quarantined a rootkit.

2011/03/27 21:02:22.0625 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2011/03/27 21:02:22.0625 ================================================================================
2011/03/27 21:02:22.0625 SystemInfo:
2011/03/27 21:02:22.0625
2011/03/27 21:02:22.0625 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/27 21:02:22.0625 Product type: Workstation
2011/03/27 21:02:22.0625 ComputerName: HOME
2011/03/27 21:02:22.0625 UserName: Compaq_Owner
2011/03/27 21:02:22.0625 Windows directory: C:\WINDOWS
2011/03/27 21:02:22.0625 System windows directory: C:\WINDOWS
2011/03/27 21:02:22.0625 Processor architecture: Intel x86
2011/03/27 21:02:22.0625 Number of processors: 1
2011/03/27 21:02:22.0625 Page size: 0x1000
2011/03/27 21:02:22.0625 Boot type: Normal boot
2011/03/27 21:02:22.0625 ================================================================================
2011/03/27 21:02:23.0921 Initialize success
2011/03/27 21:02:29.0734 ================================================================================
2011/03/27 21:02:29.0734 Scan started
2011/03/27 21:02:29.0734 Mode: Manual;
2011/03/27 21:02:29.0734 ================================================================================
2011/03/27 21:02:57.0859 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/27 21:02:58.0078 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110327.001\NAVENG.SYS
2011/03/27 21:02:58.0515 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110327.001\NAVEX15.SYS
2011/03/27 21:02:58.0921 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/27 21:02:59.0250 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/27 21:02:59.0515 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/27 21:02:59.0734 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/27 21:02:59.0953 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/27 21:03:00.0187 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/27 21:03:00.0421 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/27 21:03:00.0671 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/27 21:03:00.0937 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/27 21:03:01.0187 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/27 21:03:01.0546 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/27 21:03:01.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/27 21:03:02.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/27 21:03:02.0375 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/27 21:03:02.0625 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/27 21:03:02.0953 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
2011/03/27 21:03:03.0234 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/27 21:03:03.0453 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/27 21:03:03.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/27 21:03:03.0984 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
2011/03/27 21:03:04.0203 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/27 21:03:04.0609 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/27 21:03:04.0859 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/27 21:03:06.0359 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/27 21:03:06.0609 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/27 21:03:06.0859 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/03/27 21:03:07.0093 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/27 21:03:07.0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/27 21:03:07.0531 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/27 21:03:08.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/27 21:03:08.0968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/27 21:03:09.0187 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/27 21:03:09.0390 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/27 21:03:09.0656 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/27 21:03:09.0906 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/27 21:03:10.0187 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/27 21:03:10.0437 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/27 21:03:10.0687 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/03/27 21:03:10.0921 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
2011/03/27 21:03:11.0156 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/27 21:03:11.0437 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/27 21:03:11.0656 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/27 21:03:11.0859 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/27 21:03:12.0375 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/03/27 21:03:12.0718 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/03/27 21:03:12.0937 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/03/27 21:03:13.0187 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/27 21:03:13.0671 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/27 21:03:13.0937 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/27 21:03:14.0359 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\WINDOWS\System32\Drivers\NAV\1205000.07D\SRTSP.SYS
2011/03/27 21:03:14.0843 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\WINDOWS\system32\drivers\NAV\1205000.07D\SRTSPX.SYS
2011/03/27 21:03:15.0171 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/27 21:03:15.0515 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/27 21:03:15.0734 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/27 21:03:15.0953 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/27 21:03:16.0765 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\WINDOWS\system32\drivers\NAV\1205000.07D\SYMDS.SYS
2011/03/27 21:03:17.0468 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\WINDOWS\system32\drivers\NAV\1205000.07D\SYMEFA.SYS
2011/03/27 21:03:18.0156 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/03/27 21:03:18.0640 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1205000.07D\Ironx86.SYS
2011/03/27 21:03:19.0218 SYMTDI (8c07683bf02b63ad71bcb2cf28af2d06) C:\WINDOWS\System32\Drivers\NAV\1205000.07D\SYMTDI.SYS
2011/03/27 21:03:20.0000 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/27 21:03:20.0328 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/27 21:03:20.0656 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/27 21:03:20.0921 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/27 21:03:21.0187 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/27 21:03:21.0718 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/27 21:03:22.0218 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/27 21:03:22.0484 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/27 21:03:22.0734 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/27 21:03:22.0968 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/27 21:03:23.0218 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/27 21:03:23.0437 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/27 21:03:23.0703 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/27 21:03:23.0906 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/27 21:03:24.0140 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/27 21:03:24.0375 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/27 21:03:24.0609 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/27 21:03:24.0875 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/27 21:03:25.0125 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/27 21:03:25.0359 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/27 21:03:25.0593 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/27 21:03:26.0109 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/27 21:03:26.0375 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/27 21:03:26.0609 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/27 21:03:26.0875 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/27 21:03:27.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/27 21:03:27.0343 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/03/27 21:03:27.0343 ================================================================================
2011/03/27 21:03:27.0343 Scan finished
2011/03/27 21:03:27.0343 ================================================================================
2011/03/27 21:03:27.0359 Detected object count: 1
2011/03/27 21:04:00.0328 \HardDisk0 - quarantined
2011/03/27 21:04:00.0328 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Quarantine
 
Bootkit Remover:

Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.

=====================================
We can deal with some of this now, but please read the following:

I reviewed the thread you posted in November, 2010 and I see you deserted it. You were instructed to 'Please Run the ESET Online Scanner and post the ScanLog with your post for assistance'.
There was no reply and the thread should have been closed. With the number and types of malware found in the Mbam scan on that thread, I would have been tempted to suggest a reformat/reinstall. Although the TDSS and MBR scans came out clean, that only meant that the malware you had wasn't a rootkit- at least not at that time. But because of the multiple infections that were found- although they were quarantined and deleted in Mbam, you most surely would have been instructed to run either Combofix or OTL to look for any remaining entries or other malware.

You posted this on the previous thread:
the system is running much better after malwarebytes found and fixed several infected files.
Then left the Mbam log with:
Malware
Registry Keys Infected: 4>> (Worm.AutoRun)
Registry Values Infected: 16>> (Hijack.SecurityCenter), (Hijack.ControlPanelStyle), (Backdoor.Bot)
Folders Infected: 7>> Assorted malware & Adware
Files Infected: 17>> (Trojan.Downloader), (Rogue.AntiVirusPro2010), (Rootkit.TDSS), (Trojan.Vundo), other assorted malware & adware.

Security:
1. You had/have Norton Antivirus.
2. You had/have SpySubtract which was renamed to Trend Micro Anti-Spyware 3.0 which has now been discontinued in favor of a new Internet Security Suite.
3. This means you are relying on the Norton AV for security. No firewall, no current anti-malware programs.

Outdated Programs:
1. You had/have Adobe Reader 7.0> outdated, a vulnerability
2. You had/have J2SE Runtime Environment 5.0, Java(TM) 6 Update 7> both outdated, a vulnerability
You have now added Java(TM) 6 Update 22 which is now outdated.
3. You had Mozilla Firefox (3.0.19) and have now updated to Mozilla Firefox (3.6.16)> which is now outdated, a vulnerability
=======================================
This was found currently and quarantined: Rootkit.Win32.BackBoot.gen(\HardDisk0)
=======================================
So, we make a pact: You follow through with directions I give which will include additional scans and outdated programs get removed and current versions get installed. If you are willing to do this, proceed:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
Download Combofix from HERE or HERE: http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If you do not plan to follow this through, please let me know and I will close the thread.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\Program Files\InterMute\SpySubtract\ssengine.dll probably a variant of Win32/Agent.HVEUCPZ trojan
D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe probably a variant of Win32/Agent.HVEUCPZ trojan
 
ComboFix 11-03-28.03 - Compaq_Owner 03/28/2011 22:05:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.1067 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\-1945201032
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users\Documents\Settings\desktop.ini
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe
C:\install.exe
c:\program files\ISM2
c:\program files\ISM2\dictionary.gz
c:\program files\ISM2\targets.gz
c:\program files\Shared
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\explorer(2).exe
c:\windows\IA
c:\windows\system32\Install.txt
c:\windows\system32\Thumbs.db
c:\windows\tempf.txt
D:\Autorun.inf
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 00:52 . 2011-03-29 00:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NetAssistant
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\program files\Itibiti Soft Phone
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\program files\7-Zip
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-03-29 00:50 . 2011-03-29 00:51 -------- d-----w- c:\program files\PriceGong
2011-03-25 04:15 . 2011-03-25 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2011-03-25 02:22 . 2011-03-25 02:22 -------- d-----w- C:\found.000
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 02:56 . 2009-10-02 02:56 13899 ----a-w- c:\program files\Common Files\xikikoli.bin
2009-10-02 02:56 . 2009-10-02 02:56 13567 ----a-w- c:\program files\Common Files\roryruni.exe
2009-10-02 02:56 . 2009-10-02 02:56 13317 ----a-w- c:\program files\Common Files\zacaji.reg
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\Copy of system32\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-04 . F7B47E54AFEA44E21E745A1249D7C384 . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:53 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-05 180269]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 19:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 14:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-18 17:55 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-12-07 05:21 2387968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-01-04 23:54 49152 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-05-05 17:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 19:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\symds.sys [12/27/2010 3:58 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\symefa.sys [12/27/2010 3:58 PM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/14/2011 3:38 PM 800376]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\ironx86.sys [12/27/2010 3:58 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe [12/27/2010 3:58 PM 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/24/2011 8:53 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSXpx86.sys [3/25/2011 7:50 PM 341944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 05:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mianotes5.notes.assurant.com/dwa85W.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\13zt6r9k.Default User\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
MSConfigStartUp-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
MSConfigStartUp-iLike - c:\program files\iLike\1.2.16\ilikesidebar.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-mserv - c:\documents and settings\Compaq_Owner\Application Data\svcst.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-svchost - c:\documents and settings\Compaq_Owner\Application Data\svcst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 22:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-28 22:18:04
ComboFix-quarantined-files.txt 2011-03-29 03:17
.
Pre-Run: 130,420,826,112 bytes free
Post-Run: 133,893,578,752 bytes free
.
- - End Of File - - 1BCEDB691F8ED761E5199AB2B69A85A2
 
Okay then! My d... internet went missing again, then came back up after 4 hours! Sorry, catching up again!
  • Open Notepad
  • Copy and paste the text in the codebox into Notepad:
Code:
@ECHO OFF
START 
remover.exe fix  \\.\PhysicalDrive0  
EXIT
  • Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
  • Then in the FILE NAME box type fix.bat.
  • Save fix.bat to your Desktop.
  • Double click fix.bat to run it.
    You may see a black box appear; this is normal.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

When done, run remover.exe again and post its output.

Do NOT reboot computer!
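Added example (not from this thread and not part of the Bootkit Remover tool): what the fix run and the verify run above look at in the first sector of \\.\PhysicalDrive0, written in Python so it can be run offline. It reads the 512-byte MBR, checks the 0x55AA signature, decodes the four partition entries, hashes the 440-byte boot code region (so a later run can be compared against a baseline you recorded from a known-clean pass), and flags the malformed table layouts a bootkit or a botched repair leaves behind. The sample MBR it builds is constructed, `read_mbr` assumes Windows with administrator rights, and the hex boot-code bytes are only a plausible stand-in, not a real image.

```python
"""Sanity-check a raw MBR the way a bootkit remover's verify step does.
Added example; the sample sector below is constructed, not a real disk image."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code
PT_OFFSET = 446            # four 16-byte partition entries follow the disk signature
SIG_OFFSET = 510           # 0x55AA marks a valid boot sector


@dataclass
class Partition:
    index: int
    status: int            # 0x80 = bootable, 0x00 = inactive; anything else is malformed
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0:
            continue
        parts.append(Partition(i, status, type_id, lba_start, sectors))
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """Hash only the boot code; the partition table may change legitimately."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_md5: str = None) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != SECTOR:
        findings.append(f"sector is {len(mbr)} bytes, expected {SECTOR}")
        return findings
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        findings.append("0x55AA boot signature missing")
    if not any(mbr[:BOOT_CODE_LEN]):
        findings.append("boot code region is all zeros")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table is empty")
    bootable = [p for p in parts if p.status == 0x80]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected 1")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"entry {p.index}: malformed status byte 0x{p.status:02x}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"entry {p.index}: zero start LBA or length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"entries {a.index} and {b.index} overlap")
    if baseline_md5 is not None and boot_code_md5(mbr) != baseline_md5:
        findings.append("boot code hash differs from baseline")
    return findings


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical drive (Windows, administrator rights required)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed sample: plausible boot-code prologue bytes (assumed, not a
    real image), two non-overlapping partitions, valid signature."""
    boot = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
    boot = boot.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"

    def entry(status, type_id, lba, size):
        # CHS fields are zeroed here; modern loaders rely on the LBA fields
        return bytes([status, 0, 0, 0, type_id, 0, 0, 0]) + struct.pack("<II", lba, size)

    table = (entry(0x80, 0x07, 63, 12_579_777)              # bootable NTFS, starts at sector 63
             + entry(0x00, 0x0C, 12_579_840, 377_000_000)   # FAT32 (LBA) data partition
             + bytes(16) + bytes(16))                        # two empty slots
    return boot + disk_sig + table + b"\x55\xaa"


def tamper_boot_code(mbr: bytes) -> bytes:
    """Simulate a bootkit patching the first instructions while leaving the
    partition table and signature intact (what a signature-only check misses)."""
    return b"\xeb\x3c" + mbr[2:]


SAMPLE_MBR = build_sample_mbr()
SAMPLE_BASELINE = boot_code_md5(SAMPLE_MBR)

if __name__ == "__main__":
    print("baseline boot code md5:", SAMPLE_BASELINE)
    print("clean   :", check_mbr(SAMPLE_MBR, SAMPLE_BASELINE) or "OK")
    print("tampered:", check_mbr(tamper_boot_code(SAMPLE_MBR), SAMPLE_BASELINE))
```

The hash covers only the first sector. Code a bootkit parks in the unpartitioned gap between the MBR and the first partition is not seen here, so when the table says the first partition starts at sector 63, hash sectors 1 through 62 too and compare them against a clean baseline before trusting the disk.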
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\program files\Common Files\xikikoli.bin
c:\program files\Common Files\roryruni.exe
c:\program files\Common Files\zacaji.reg
Folder::
c:\program files\Free Offers from Freeze.com
c:\program files\PriceGong
C:\TDSSKiller_Quarantine
C:\found.000
DDS::
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Hosts: 63.135.80.49 ilovemrsyoubear.com

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe 
    :Files  
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe 
    C:\Program Files\InterMute\SpySubtract\ssengine.dll 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================================
Replace the Hosts File
==========================================
Give me a few minutes, then go on to next reply.
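Added example (not from this thread, not ComboFix or OTMoveIt code): the check a responder runs on the hosts file before the Hosts:: line above removes one entry and before the file is replaced outright. It parses the file, ignores the stock localhost lines, and flags two patterns: a name mapped to a non-loopback address (a redirect, like the entry in the script above) and a security-vendor or update domain mapped to anything at all (a block against updates). The embedded hosts content and the watched-domain list are constructed for an offline run and are assumptions, not the poster's file.

```python
"""Audit a Windows hosts file for hijack and update-blocking entries.
Added example; the sample file and the watched-domain list are constructed."""
import ipaddress
from pathlib import Path

HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Domains malware commonly pins so AV and OS updates stop working (assumed list)
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com",
                    "norton.com", "malwarebytes.org", "gmer.net")

# Minimal stock content for the replace step
STOCK_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"


def parse_hosts(text: str):
    """Yield (lineno, ip, hostname) for every active mapping; comments are stripped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                      # malformed line, nothing maps
        ip, names = fields[0], fields[1:]
        for name in names:
            yield lineno, ip, name.lower()


def is_watched(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> list:
    """Return (lineno, ip, name, reason) tuples for every suspicious mapping."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, name, "unparseable address"))
            continue
        if is_watched(name):
            findings.append((lineno, ip, name, "security/update domain pinned in hosts"))
        elif not addr.is_loopback:
            findings.append((lineno, ip, name, "non-loopback mapping"))
    return findings


# Constructed sample, not the poster's file; line 5 mirrors the entry the CFScript removes
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
63.135.80.49    ilovemrsyoubear.com          # redirect to an outside address
127.0.0.1       liveupdate.symantec.com      # blocks AV updates
0.0.0.0         www.malwarebytes.org         # blocks a download site
127.0.0.1       dev.local                    # harmless local override
"""

if __name__ == "__main__":
    text = HOSTS_PATH.read_text(errors="replace") if HOSTS_PATH.exists() else SAMPLE_HOSTS
    for lineno, ip, name, reason in audit_hosts(text):
        print(f"line {lineno}: {ip} {name}  <- {reason}")
```

Run it before the replace step so the findings go in the log; the stock two-line content in STOCK_HOSTS is what the file should contain afterwards, and a re-run on the new file should return nothing.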
 
If you did not reboot the computer when finished with previous post:

Part 1. Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Part 2. Show Hidden Folders/Files
  • Right click on Taskbar> Explore to open Windows Explorer
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Show hidden files and folders.
  • Uncheck Hide extensions of known file types.
  • Uncheck Hide protected operating system files (Recommended).
  • Click Yes when prompted.
  • Click OK.
  • Click on My Computer.
  • Double click on the Local Drive(C)
  • Click on Programs
  • Find each of the following folders and do a Right Click> Delete
    [o] PriceGong
    [o] Freeze.com (Or FreeOffers)
    [o] SpySubtract
When finished Click on Apply> OK> Rehide the files & folders!!
Exit Explorer

Part 3. Uninstall: Go to Control Panel> Add/Remove Programs> Find each
  • PriceGong
  • Freeze.com (or Free Offers)
  • SpySubtract
and Uninstall.

If you get any errors removing the program folders before uninstalling the programs, just reverse Part 2 & 3.

Reboot into Normal Mode.
=========================================
What is Drive D? If it's a flash drive you will need to disinfect it> let me know.
(D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe)
=========================================
Let me know how the system is running.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000
Restoring boot code at \\.\PhysicalDrive0...
OK

Done;
Press any key to quit...
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
ComboFix 11-03-29.03 - Compaq_Owner 03/29/2011 20:10:05.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.979 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
FILE ::
"c:\program files\Common Files\roryruni.exe"
"c:\program files\Common Files\xikikoli.bin"
"c:\program files\Common Files\zacaji.reg"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
C:\found.000
c:\found.000\dir0000.chk\plugin-amf
c:\found.000\dir0000.chk\plugin-control-1
c:\found.000\dir0000.chk\plugin-crossdomain-1.xml
c:\found.000\dir0000.chk\plugin-crossdomain.xml
c:\found.000\dir0000.chk\plugin-f76a07be2aa53fc53c59c0c4eb0522f9.swf
c:\program files\Common Files\roryruni.exe
c:\program files\Common Files\xikikoli.bin
c:\program files\Common Files\zacaji.reg
c:\program files\Free Offers from Freeze.com
c:\program files\Free Offers from Freeze.com\101_Free_Songs.ico
c:\program files\Free Offers from Freeze.com\6840.url
c:\program files\Free Offers from Freeze.com\6862.url
c:\program files\Free Offers from Freeze.com\6884.url
c:\program files\Free Offers from Freeze.com\clickfinderror.ico
c:\program files\Free Offers from Freeze.com\control.txt
c:\program files\Free Offers from Freeze.com\musicoasis.ico
c:\program files\PriceGong
c:\program files\PriceGong\2.1.0\FF\chrome.manifest
c:\program files\PriceGong\2.1.0\FF\components\PriceGong.xpt
c:\program files\PriceGong\2.1.0\FF\components\PriceGongFF.dll
c:\program files\PriceGong\2.1.0\FF\content\options.js
c:\program files\PriceGong\2.1.0\FF\content\options.xul
c:\program files\PriceGong\2.1.0\FF\content\PriceGong.png
c:\program files\PriceGong\2.1.0\FF\install.rdf
c:\program files\PriceGong\2.1.0\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\24.03.2011_23.12.57\boot0000\mbr0000\object.ini
c:\tdsskiller_quarantine\24.03.2011_23.12.57\boot0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\24.03.2011_23.12.57\boot0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\24.03.2011_23.12.57\boot0000\object.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0000\mbr0000\object.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0000\object.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0001\mbr0000\object.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0001\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0001\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\27.03.2011_21.02.22\boot0001\object.ini
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 01:16 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-03-30 01:16 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-03-29 00:52 . 2011-03-29 00:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NetAssistant
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\program files\Itibiti Soft Phone
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2011-03-29 00:51 . 2011-03-29 00:51 -------- d-----w- c:\program files\7-Zip
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\Copy of system32\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-04 . F7B47E54AFEA44E21E745A1249D7C384 . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-03-29_03.15.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-30 01:01 . 2011-03-30 01:01 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2011-03-30 01:00 . 2011-03-30 01:00 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 2008-10-22 09:47 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-10-22 09:47 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2004-08-04 12:00 . 2009-12-22 05:42 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 12:00 . 2009-12-16 12:57 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 12:00 . 2009-12-22 05:42 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-04 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-08-04 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 09:19 . 2003-02-21 09:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-03-29 23:34 . 2011-03-29 23:34 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_df50a8f8\System.Drawing.Design.dll
+ 2011-03-29 23:34 . 2011-03-29 23:34 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a2f74945\CustomMarshalers.dll
+ 2011-03-29 03:55 . 2011-03-29 03:55 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-04-16 22:14 . 2009-12-16 13:33 352768 c:\windows\system32\xpsp3res.dll
+ 2009-04-16 22:14 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2004-08-04 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 662016 c:\windows\system32\wininet.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
- 2004-08-04 12:00 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll
- 2004-08-04 11:00 . 2009-12-08 09:13 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 449024 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 12:00 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 251392 c:\windows\system32\iepeers.dll
+ 2005-01-27 04:56 . 2011-03-30 00:24 239144 c:\windows\system32\FNTCACHE.DAT
- 2005-01-27 04:56 . 2009-11-12 01:57 239144 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2009-12-22 05:42 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 11:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 662016 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 662016 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 624640 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 624640 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-04 11:00 . 2009-12-08 09:13 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-07 16:08 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 12:00 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 251392 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 251392 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2004-08-04 12:00 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
- 2004-08-04 12:00 . 2009-12-22 05:42 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 151040 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 151040 c:\windows\system32\cdfview.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 151040 c:\windows\system32\cdfview.dll
+ 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\atmfd.dll
+ 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-08-04 12:00 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2005-05-05 17:36 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-03-29 23:35 . 2011-03-29 23:35 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_163e0e39\System.Drawing.dll
+ 2011-03-29 23:36 . 2011-03-29 23:36 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_acd5541a\System.Drawing.Design.dll
+ 2011-03-29 23:36 . 2011-03-29 23:36 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3cf78c3a\CustomMarshalers.dll
+ 2004-08-04 11:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2004-08-04 11:00 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 1506304 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2010-02-16 13:19 2181376 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 18:00 . 2010-02-16 12:39 2058368 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 11:00 . 2010-04-16 15:36 3065344 c:\windows\system32\mshtml.dll
+ 2004-08-04 11:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 11:00 . 2010-04-16 15:36 1506304 c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 1506304 c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-07 16:10 . 2010-02-16 13:19 2181376 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-07 16:10 . 2010-02-16 12:39 2016768 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 16:10 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-07 16:10 . 2010-02-16 13:17 2137088 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 3065344 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-04 12:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2004-08-04 12:00 . 2009-12-22 05:42 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\dllcache\danim.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 1023488 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2009-12-22 05:42 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 1023488 c:\windows\system32\browseui.dll
- 2004-08-04 11:00 . 2009-12-22 05:42 1023488 c:\windows\system32\browseui.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2005-03-02 00:59 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-03-29 03:56 . 2011-03-29 03:56 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_391f4b1e\System.dll
+ 2011-03-29 23:36 . 2011-03-29 23:36 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_055d7ce0\System.dll
+ 2011-03-29 23:36 . 2011-03-29 23:36 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c235e3f4\System.Xml.dll
+ 2011-03-29 23:34 . 2011-03-29 23:34 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3de89447\System.Xml.dll
+ 2011-03-29 23:36 . 2011-03-29 23:36 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ffb61ee7\System.Windows.Forms.dll
+ 2011-03-29 23:34 . 2011-03-29 23:34 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_20029734\System.Windows.Forms.dll
+ 2011-03-29 23:37 . 2011-03-29 23:37 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_baa6edd6\System.Drawing.dll
+ 2011-03-29 23:35 . 2011-03-29 23:35 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bd4fd532\System.Design.dll
+ 2011-03-29 23:37 . 2011-03-29 23:37 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6f846892\System.Design.dll
+ 2011-03-29 23:35 . 2011-03-29 23:35 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ba04c71a\mscorlib.dll
+ 2011-03-29 23:37 . 2011-03-29 23:37 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_23ccc13a\mscorlib.dll
- 2009-10-15 00:08 . 2009-10-15 00:08 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-03-29 03:55 . 2011-03-29 03:55 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-15 00:08 . 2009-10-15 00:08 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-03-29 03:55 . 2011-03-29 03:55 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\2f2bd6.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-05 180269]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 19:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 14:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-18 17:55 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-12-07 05:21 2387968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-01-04 23:54 49152 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-05-05 17:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 19:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\symds.sys [12/27/2010 3:58 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\symefa.sys [12/27/2010 3:58 PM 652336]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\ironx86.sys [12/27/2010 3:58 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe [12/27/2010 3:58 PM 130000]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/14/2011 3:38 PM 800376]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/24/2011 8:53 PM 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110325.002\IDSXpx86.sys [3/14/2011 1:58 PM 341944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 05:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mianotes5.notes.assurant.com/dwa85W.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\13zt6r9k.Default User\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files\PriceGong\2.1.0\PriceGongIE.dll
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 20:16
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-29 20:18:22
ComboFix-quarantined-files.txt 2011-03-30 01:18
ComboFix2.txt 2011-03-29 03:18
.
Pre-Run: 133,429,030,912 bytes free
Post-Run: 133,408,710,656 bytes free
.
- - End Of File - - FE7F534BDAFDF2DC4BE388F69DBE0C6F
 
All processes killed
========== PROCESSES ==========
No active process named D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe was found!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe moved successfully.
C:\Program Files\InterMute\SpySubtract\ssengine.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 251698 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54721835 bytes
->Flash cache emptied: 14346 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jessica
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 5034 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14928 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03292011_202308

Files moved on Reboot...

Registry entries deleted on Reboot...
 
The system seems to be running stably now. You asked about drive D:. It is not a flash drive. It is just the recovery partition of the HDD. Is that the correct term?

I did not understand the part about
==========================================
Replace the Host Files
==========================================

What exactly did you want me to do?
 
I want you to click on the blue text that says Replace Host Files and follow the prompts. The link is embedded in the words.

Hyperlinks appear in blue. Placing the cursor on the link makes the gloved hand finger-point icon show. Doing a left click takes you to the link. This will be standard in all internet text.

Edit: Adding text:
Whatever you're using to back up included an infected file:
D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe

See if you can open Drive D:, select this file and press the Shift key together with Del (Delete).
 
Thank you, but I do know what a hyperlink is. I was offended when I read your reply at first, but upon further review I don't think that was your intention. I guess you may deal with some people who don't know this type of thing. I just can't resist pointing that out, sorry.

I was able to delete D:\I386\Apps\APP09527\src\SpyInstall_HPPre.exe

I will follow the instructions about replacing the host file. I guess I was hoping you didn't actually want me to read that whole thing. All of your instructions have been straightforward. This article is a different story. Wish me luck.
 
Also, Firefox is telling me an add-on for freeze.com was installed. I am given the option to ENABLE but UNINSTALL is greyed out.

Never mind, I uninstalled it through Add/Remove Programs.
 
Be forewarned! Don't mess with me today! Yesterday my damn internet was down again, and today I'm working between squall lines and a tornado watch!

And I will mention that each one of the replies sends me email feedback. If I haven't replied yet and you have something to add, other than logs, use Edit and add to the existing reply. That won't send another email, but I'll see it when I'm back on the thread.

I've done a pretty good job of cleaning up your system. Did you go back to the Free Offers from Freeze.com?

Shutting down, later or in the AM. Storm.

Sorry about host file confusion. I usually just leave the link. I had a short description but no one reads it.
 
Well, I have put one very tough week behind me! Did you want to continue? Or has the performance issue been resolved?
 