Solved Help removing a trojan

learninmypc · Nov 4, 2012

Heres the SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2012 at 12:48 PM

Application Version : 5.6.1014

Core Rules Database Version : 9527
Trace Rules Database Version: 7339

Scan type : Complete Scan
Total Scan Time : 01:17:00

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 39660
Registry threats detected : 0
File items scanned : 57194
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator.SEATTLE\Cookies\EB9JGLMT.txt [ /accounts.google.com ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E6001F9-0A8D-45EC-B593-E452C096CF95}\RP1629\A0413019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E6001F9-0A8D-45EC-B593-E452C096CF95}\RP1630\A0413482.EXE

If this & my previous thread are because I'm using the Windows firewall ONLY, what firewall would you suggest? An easy one preferably.

Other scans will be posted;.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-04 13:03:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2000BB-22GUA0 rev.08.02D08
Running: gb4us0qj.exe; Driver: C:\DOCUME~1\HP_ADM~1.SEA\LOCALS~1\Temp\pxldqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1AEDD42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1AEDBAD]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF1B71E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

learninmypc · Nov 4, 2012

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by HP_Administrator at 13:10:48 on 2012-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.55 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\SeaMonkey\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kirotv.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251314773281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{8F197E4D-DAFD-4588-9ED7-B5D6B2B1B6D9} : DHCPNameServer = 192.168.1.1 74.40.74.40
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-14 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-14 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-14 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-14 44808]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-24 116648]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-24 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2011-8-13 163840]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-08 12:21:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 12:21:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 13:00:24 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 13:00:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 14:04:24 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-16 19:59:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2003-11-13 07:41:04 1176416 ----a-w- c:\program files\LOTR3.exe
2003-10-17 16:56:54 340746 -c--a-w- c:\program files\ASSav.scr
.
============= FINISH: 13:12:36.18 ===============

learninmypc · Nov 4, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/22/2009 1:37:14 AM
System Uptime: 11/4/2012 1:05:55 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 76.468 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.685 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (CDFS)
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1574: 9/14/2012 6:50:51 AM - System Checkpoint
RP1575: 9/14/2012 10:24:09 AM - Revo Uninstaller's restore point - COMODO Internet Security
RP1576: 9/14/2012 10:25:57 AM - Removed COMODO Internet Security
RP1577: 9/14/2012 10:30:23 AM - Revo Uninstaller's restore point - COMODO GeekBuddy
RP1578: 9/14/2012 10:42:42 AM - avast! Free Antivirus Setup
RP1579: 9/15/2012 1:11:54 PM - System Checkpoint
RP1580: 9/15/2012 3:31:32 PM - Installed HiJackThis
RP1581: 9/15/2012 3:38:27 PM - Revo Uninstaller's restore point - HiJackThis
RP1582: 9/15/2012 3:38:41 PM - Removed HiJackThis
RP1583: 9/16/2012 10:17:08 PM - System Checkpoint
RP1584: 9/17/2012 10:20:27 PM - System Checkpoint
RP1585: 9/18/2012 11:03:04 PM - System Checkpoint
RP1586: 9/19/2012 11:20:34 PM - System Checkpoint
RP1587: 9/21/2012 12:01:25 AM - System Checkpoint
RP1588: 9/21/2012 10:16:48 PM - Software Distribution Service 3.0
RP1589: 9/22/2012 10:47:38 PM - System Checkpoint
RP1590: 9/24/2012 3:47:27 AM - System Checkpoint
RP1591: 9/25/2012 4:28:07 AM - System Checkpoint
RP1592: 9/26/2012 1:05:49 PM - System Checkpoint
RP1593: 9/27/2012 1:37:08 PM - System Checkpoint
RP1594: 9/28/2012 1:50:34 PM - System Checkpoint
RP1595: 9/29/2012 9:31:14 PM - System Checkpoint
RP1596: 9/30/2012 10:19:53 PM - System Checkpoint
RP1597: 10/1/2012 10:25:10 PM - System Checkpoint
RP1598: 10/2/2012 3:25:25 PM - Revo Uninstaller's restore point - Opera 12.02
RP1599: 10/2/2012 3:29:57 PM - Revo Uninstaller's restore point - Opera 12.02
RP1600: 10/3/2012 11:12:06 PM - System Checkpoint
RP1601: 10/4/2012 11:53:06 PM - System Checkpoint
RP1602: 10/6/2012 2:17:19 AM - System Checkpoint
RP1603: 10/7/2012 3:02:28 AM - System Checkpoint
RP1604: 10/8/2012 7:42:31 AM - System Checkpoint
RP1605: 10/9/2012 7:44:39 AM - System Checkpoint
RP1606: 10/10/2012 3:00:43 AM - Software Distribution Service 3.0
RP1607: 10/11/2012 3:21:16 AM - System Checkpoint
RP1608: 10/12/2012 3:29:30 AM - System Checkpoint
RP1609: 10/13/2012 3:54:29 AM - System Checkpoint
RP1610: 10/14/2012 4:02:47 AM - System Checkpoint
RP1611: 10/14/2012 6:35:31 AM - Revo Uninstaller's restore point - Comodo Dragon
RP1612: 10/14/2012 6:21:04 PM - Revo Uninstaller's restore point - SRWare Iron version SRWare Iron 22.0.1250.0
RP1613: 10/16/2012 12:28:12 AM - System Checkpoint
RP1614: 10/17/2012 12:31:51 AM - System Checkpoint
RP1615: 10/17/2012 10:04:18 AM - Installed Java 7 Update 9
RP1616: 10/18/2012 11:06:04 AM - System Checkpoint
RP1617: 10/19/2012 12:46:01 PM - System Checkpoint
RP1618: 10/20/2012 8:38:22 PM - System Checkpoint
RP1619: 10/21/2012 9:37:52 PM - System Checkpoint
RP1620: 10/22/2012 10:17:32 PM - System Checkpoint
RP1621: 10/23/2012 10:47:23 PM - System Checkpoint
RP1622: 10/24/2012 11:13:31 PM - System Checkpoint
RP1623: 10/25/2012 11:16:47 PM - System Checkpoint
RP1624: 10/27/2012 12:10:11 AM - System Checkpoint
RP1625: 10/28/2012 12:20:01 AM - System Checkpoint
RP1626: 10/29/2012 12:25:11 AM - System Checkpoint
RP1627: 10/30/2012 12:56:38 AM - System Checkpoint
RP1628: 10/31/2012 1:00:10 AM - System Checkpoint
RP1629: 11/1/2012 1:43:52 AM - System Checkpoint
RP1630: 11/2/2012 2:10:09 AM - System Checkpoint
RP1631: 11/2/2012 7:23:18 PM - Revo Uninstaller's restore point - Pale Moon 15.2.1 (x86 en-US)
RP1632: 11/3/2012 7:00:30 PM - System Checkpoint
RP1633: 11/4/2012 10:35:37 AM - Revo Uninstaller's restore point - Secunia PSI (3.0.0.2004)
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced Video FX Engine
Advanced Video FX Utility
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Amazon Kindle
Apple Application Support
Apple Software Update
avast! Free Antivirus
Belarc Advisor 8.1
Belkin Connect Wireless USB Adapter
BufferChm
CameraDrivers
CCleaner
Copy
CPUID CPU-Z 1.62
Creative Live! Cam Center
Creative Live! Cam Notebook Pro
Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
Creative Live! Cam Notebook Pro User's Guide (English)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
Easy Internet Sign-up
ERUNT 1.1j
ESET Online Scanner v3
Fax
FileHippo.com Update Checker
Foxit Reader
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.2
HP Image Zone for Media Center PC
HP Image Zone Plus 4.2
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
HP Tunes
HP Unload DLL Patch
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Java 7 Update 9
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 6.3.9 (Full)
KBD
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Classic - Home Cinema 1.6.1.4235
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo 2002
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenAL
Otto
PhotoGallery
PhotoMail Maker
Photosmart 320,370,7400,8100,8400 Series
PlayFLV
PrintScreen
Process Lasso
PS2
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quick Startup 2.8.0.718
QuickProjects
Readme
Revo Uninstaller 1.94
RoboForm 7-8-2-5 (All Users)
Scan
SeaMonkey 2.13.2 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
SightSpeed
SIW version 2010.07.14
SkinsHP1
SkinsHP2
Sonic Encoders
Sonic RecordNow!
Speccy
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware
swMSM
TeamViewer 7
TrayApp
Unload
Unlocker 1.9.1
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP
VC 9.0 Runtime
Virtual Seattle Interactive 98
Visual J# .NET Redistributable Package
VLC media player 2.0.4
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Works Suite OS Pack
Works Synchronization
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
11/4/2012 7:59:53 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
11/1/2012 5:48:34 AM, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
10/29/2012 4:49:29 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/29/2012 4:49:26 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 4:49:25 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 4:49:25 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 4:49:25 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 4:49:25 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/29/2012 4:49:24 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 4:49:24 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================

Jay Pfoutz · Nov 4, 2012

Hi again!

ComboFix scan

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on ComboFix.exe & follow the prompts.
When ComboFix finishes, it will produce a report for you.
Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

learninmypc · Nov 4, 2012

ComboFix 12-11-04.01 - HP_Administrator 11/04/2012 13:42:19.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.263 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator.SEATTLE\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\0A7E249F04.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\sp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-01 22:02 . 2012-11-04 17:43 -------- d-----w- c:\documents and settings\HP_Administrator.SEATTLE\Application Data\vlc
2012-10-25 02:01 . 2012-10-25 02:01 -------- d-----w- c:\program files\ESET
2012-10-17 17:05 . 2012-09-25 06:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-15 23:49 . 2012-11-03 02:23 -------- d-----w- c:\documents and settings\HP_Administrator.SEATTLE\Application Data\Moonchild Productions
2012-10-15 23:49 . 2012-10-15 23:49 -------- d-----w- c:\documents and settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Moonchild Productions
2012-10-14 13:27 . 2012-10-14 13:36 -------- d-----w- c:\program files\Comodo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-09-14 17:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-09-14 17:46 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-09-14 17:46 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-09-14 17:46 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-09-14 17:46 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-09-14 17:46 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-09-14 17:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-09-14 17:46 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-09-14 17:44 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-09-14 17:44 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-08 12:21 . 2012-03-29 12:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 12:21 . 2012-02-23 03:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 02:54 . 2009-08-25 23:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 13:00 . 2011-12-13 13:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 13:00 . 2010-04-15 15:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 14:04 . 2012-08-30 14:04 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-08-28 15:14 . 2004-09-10 23:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-09-10 23:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-09-10 23:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-09-10 23:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-09-10 23:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-09-10 23:16 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 05:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-16 19:59 . 2012-05-08 15:46 143872 ----a-w- c:\windows\system32\javacpl.cpl
2003-11-13 07:41 . 2003-11-13 07:41 1176416 ----a-w- c:\program files\LOTR3.exe
2003-10-17 16:56 . 2003-10-17 16:56 340746 -c--a-w- c:\program files\ASSav.scr
2012-10-27 03:27 . 2012-10-27 03:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-19 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-24 4583424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator.SEATTLE^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\HP_Administrator.SEATTLE\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator.SEATTLE^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\HP_Administrator.SEATTLE\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-11 04:44 136176 ----atw- c:\documents and settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
2011-11-24 11:15 339472 ----a-w- c:\program files\Process Lasso\ProcessGovernor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-09-19 14:08 109336 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-23 23:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"HPHmon06"=c:\windows\system32\hphmon06.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AlcxMonitor"=ALCXMNTR.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\HP_Administrator.SEATTLE\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/14/2012 9:46 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/14/2012 9:47 AM 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 10:54 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2012 9:47 AM 21256]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 4:21 PM 594048]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [8/13/2011 12:15 PM 163840]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:21]
.
2012-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-11-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-14 22:50]
.
2012-11-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-23 09:28]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9a721e006dca.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-24 16:30]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307928640-4091270434-1924496998-1008Core1cc4d4247ebd09e.job
- c:\documents and settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 04:44]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307928640-4091270434-1924496998-1008Core1cd5f56320389b2.job
- c:\documents and settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 04:44]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1641465681-471726703-3165085255-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:10]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1641465681-471726703-3165085255-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:10]
.
2007-09-15 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-01-13 01:48]
.
2012-11-01 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2012-02-25 20:03]
.
2012-11-04 c:\windows\Tasks\User_Feed_Synchronization-{16D795B5-B10F-44CB-946F-5CE8B23252FF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kirotv.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox 15.0.1 (x86 en-US) - k:\uninstall\helper.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator.SEATTLE\Application Data\Macromedia\Flash Player\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 13:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2012-11-04 13:58:55
ComboFix-quarantined-files.txt 2012-11-04 21:58
.
Pre-Run: 82,061,602,816 bytes free
Post-Run: 82,013,622,272 bytes free
.
- - End Of File - - 0058332E99D4C70CDA9AB81F974C6B95

Jay Pfoutz · Nov 5, 2012

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
Click Start or wait for the scanner to load.
Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, there are a couple of things to keep in mind:
1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
Open the logfile from wherever you saved it
Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer
Error messages
Fake antivirus alerts or the icon in the system tray
svchost.exe running at 100%
System crashes or blue screen of death

learninmypc · Nov 5, 2012

No log was found, but I did get this

Other than that, no problems. Will run the eset scan

learninmypc · Nov 5, 2012

Ran eset, no threats found. Would like to know if a 3rd party firewall would help prevent this? TIA

Jay Pfoutz · Nov 5, 2012

Indeed.

If it all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.
A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

learninmypc · Nov 5, 2012

If this " Please download CCleaner Slim and save it to your Desktop - Alternate download link" is the same as ccleaner, I have it. Otherwise, I also have TFC that I saved from a previous thread & use it too. I don't mess with the registry.

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
JavaFX 2.1.1
Java(TM) 7 Update 5
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

Jay Pfoutz · Nov 5, 2012

TFC's fine. Good job! Topic marked solved.

Solved Help removing a trojan

learninmypc

Posts: 9,676 +724

learninmypc

Posts: 9,676 +724

learninmypc

Posts: 9,676 +724

Jay Pfoutz

Posts: 4,279 +49

learninmypc

Posts: 9,676 +724

Jay Pfoutz

Posts: 4,279 +49

learninmypc

Posts: 9,676 +724

learninmypc

Posts: 9,676 +724

Jay Pfoutz

Posts: 4,279 +49

learninmypc

Posts: 9,676 +724

Jay Pfoutz

Posts: 4,279 +49

Similar threads

Latest posts