Iexplore problem
<blockquote data-quote="Jwill1919" data-source="post: 318384" data-attributes="member: 32096"><p>TwinHeaded Eagle, thanks for helping me! I'm having trouble doing this on my CPU: I can only use Internet Explorer, and it is horrible, especially with iexplore.exe popping up all over the place. One question: Should I be doing these scans in Safe Mode or in Regular? I can't connect to the internet in Safe; it's not allowing me to for some reason. Anyway, it also isn't allowing me to use the "upload a file" feature, so I am going to copy and paste, if that's OK? </p><p></p><p>Here are the scans in the order you wanted:</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version: v2014.12.18.01</p><p></p><p>Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)</p><p>Internet Explorer 7.0.5730.13</p><p>JW :: JUSTIN [administrator]</p><p></p><p>12/20/2014 11:01:14 AM</p><p>mbar-log-2014-12-20 (11-01-14).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 307994</p><p>Time elapsed: 1 hour(s), 5 minute(s), 34 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 1</p><p>Physical Sector #20973568 on Drive #0 (Rootkit.Cidox.J.VBR) -> Replace on reboot. 
[7d7dbd13c655408b7ccbeef6503fdbdb]</p><p></p><p>(end)</p><p></p><p></p><p></p><p></p><p>NEXT IS SYSTEM.....</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 7.0.5730.13</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.607000 GHz</p><p>Memory total: 937758720, free: 418856960</p><p></p><p>=======================================</p><p>Initializing...</p><p>Done!</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 43A90CE8</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 20971520</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 20973568 Numsec = 291587072</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 2 type is HIDDEN (0x17)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 312560640 Numsec = 21152</p><p> Partition is not bootable</p><p>Infected: VBR on Hidden (not active) partition --> [Rootkit.Alureon.E.VBR]</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160041885696 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...</p><p>Done!</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 7.0.5730.13</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.607000 GHz</p><p>Memory total: 937758720, free: 347623424</p><p></p><p>=======================================</p><p>Initializing...</p><p>Done!</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 43A90CE8</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 20971520</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 20973568 Numsec = 291587072</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 2 type is HIDDEN (0x17)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 312560640 Numsec = 21152</p><p> Partition is not bootable</p><p>Hidden partition VBR is not infected.</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160041885696 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...</p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware 
(portable)\MBR-0-i.mbam...</p><p>Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20973568-i.mbam...</p><p>Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-2-312560640-i.mbam...</p><p>Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 7.0.5730.13</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.607000 GHz</p><p>Memory total: 937758720, free: 509095936</p><p></p><p>Downloaded database version: v2014.12.17.02</p><p>Downloaded database version: v2014.12.14.01</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>Done!</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 43A90CE8</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 20971520</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 20973568 Numsec = 291587072</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p>Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]</p><p></p><p> Partition 2 type is HIDDEN (0x17)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 312560640 Numsec = 21152</p><p> Partition is not bootable</p><p>Hidden partition 
VBR is not infected.</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160041885696 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...</p><p>Done!</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 7.0.5730.13</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.607000 GHz</p><p>Memory total: 937758720, free: 593297408</p><p></p><p>Downloaded database version: v2014.12.17.03</p><p>Downloaded database version: v2014.12.17.04</p><p>Downloaded database version: v2014.12.18.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/17/2014 22:03:58</p><p>------------ Loaded modules 
-----------</p><p>\WINDOWS\system32\ntkrnlpa.exe</p><p>\WINDOWS\system32\hal.dll</p><p>\WINDOWS\system32\KDCOM.DLL</p><p>\WINDOWS\system32\BOOTVID.dll</p><p>ACPI.sys</p><p>\WINDOWS\system32\DRIVERS\WMILIB.SYS</p><p>pci.sys</p><p>isapnp.sys</p><p>pciide.sys</p><p>\WINDOWS\system32\DRIVERS\PCIIDEX.SYS</p><p>MountMgr.sys</p><p>ftdisk.sys</p><p>PartMgr.sys</p><p>VolSnap.sys</p><p>atapi.sys</p><p>disk.sys</p><p>\WINDOWS\system32\DRIVERS\CLASSPNP.SYS</p><p>fltmgr.sys</p><p>sr.sys</p><p>KSecDD.sys</p><p>Ntfs.sys</p><p>NDIS.sys</p><p>Mup.sys</p><p>\WINDOWS\system32\ntkrnlpa.exe</p><p>\SystemRoot\system32\DRIVERS\processr.sys</p><p>\SystemRoot\system32\DRIVERS\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\usbohci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\nvnetbus.sys</p><p>\SystemRoot\system32\DRIVERS\NVNRM.SYS</p><p>\SystemRoot\system32\DRIVERS\imapi.sys</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\system32\DRIVERS\redbook.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys</p><p>\SystemRoot\system32\DRIVERS\AGRSM.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\Drivers\Modem.SYS</p><p>\SystemRoot\system32\DRIVERS\nv4_mini.sys</p><p>\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS</p><p>\SystemRoot\system32\DRIVERS\audstub.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\DRIVERS\psched.sys</p><p>\SystemRoot\system32\DRIVERS\msgpc.sys</p><p>\SystemRoot\system32\DRIVERS\ptilink.sys</p><p>\SystemRoot\system3
2\DRIVERS\raspti.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\update.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\drivers\RtkHDAud.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\Drivers\i2omgmt.SYS</p><p>\SystemRoot\System32\Drivers\Fs_Rec.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\Drivers\mnmdd.SYS</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\rasacd.sys</p><p>\SystemRoot\system32\DRIVERS\ipsec.sys</p><p>\SystemRoot\system32\DRIVERS\tcpip.sys</p><p>\SystemRoot\system32\DRIVERS\netbt.sys</p><p>\SystemRoot\System32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\System32\Drivers\Fips.SYS</p><p>\SystemRoot\system32\DRIVERS\ipnat.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\System32\Drivers\Cdfs.SYS</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\Drt2870.sys</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\usbscan.sys</p><p>\SystemRoot\system32\DRIVERS\usbprint.sys</p><p>\SystemRoot\system32\DRIVERS\HPZius12.sys</p><p>\SystemRoot\system32\DRIVERS\HPZid412.sys</p><p>\SystemRoot\system32\DRIVERS\HPZipr12.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys
</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_WMILIB.SYS</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxg.sys</p><p>\SystemRoot\System32\drivers\dxgthk.sys</p><p>\SystemRoot\System32\nv4_disp.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\mrxdav.sys</p><p>\??\C:\WINDOWS\system32\ANIO.SYS</p><p>\??\C:\WINDOWS\system32\drivers\int15.sys</p><p>\SystemRoot\system32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\wdmaud.sys</p><p>\SystemRoot\system32\drivers\sysaudio.sys</p><p>\SystemRoot\System32\Drivers\HTTP.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys</p><p>\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys</p><p>\WINDOWS\system32\ntdll.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk3\DR6</p><p>Upper Device Object: 0xffffffff84a7aab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000076\</p><p>Lower Device Object: 0xffffffff85311818</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk2\DR5</p><p>Upper Device Object: 0xffffffff84a6b030</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000073\</p><p>Lower Device Object: 0xffffffff8531a030</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR4</p><p>Upper Device Object: 0xffffffff852c42b0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000072\</p><p>Lower Device Object: 0xffffffff853173d0</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff853afab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: 
\Device\Ide\IdeDeviceP4T0L0-12\</p><p>Lower Device Object: 0xffffffff8545fd98</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff853e4900, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff854dc928, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff8545fd98, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 43A90CE8</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 20971520</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 20973568 Numsec = 291587072</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p>Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]</p><p></p><p> Partition 2 type is HIDDEN (0x17)</p><p> Partition is NOT ACTIVE.</p><p> 
Partition starts at LBA: 312560640 Numsec = 21152</p><p> Partition is not bootable</p><p>Hidden partition VBR is not infected.</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160041885696 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...</p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff852bb4b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff853173d0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 2, DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff852c1600, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8531a030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 3, DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84fac9b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff85311818, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Scan finished</p><p>Creating System 
Restore point...</p><p>Cleaning up...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Removal scheduling successful. System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1012</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>System is currently in a safe mode</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 7.0.5730.13</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.607000 GHz</p><p>Memory total: 937758720, free: 754548736</p><p></p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/20/2014 11:00:37</p><p>------------ Loaded modules 
-----------</p><p>\WINDOWS\system32\ntoskrnl.exe</p><p>\WINDOWS\system32\hal.dll</p><p>\WINDOWS\system32\KDCOM.DLL</p><p>\WINDOWS\system32\BOOTVID.dll</p><p>ACPI.sys</p><p>\WINDOWS\system32\DRIVERS\WMILIB.SYS</p><p>pci.sys</p><p>isapnp.sys</p><p>pciide.sys</p><p>\WINDOWS\system32\DRIVERS\PCIIDEX.SYS</p><p>MountMgr.sys</p><p>ftdisk.sys</p><p>PartMgr.sys</p><p>VolSnap.sys</p><p>atapi.sys</p><p>disk.sys</p><p>\WINDOWS\system32\DRIVERS\CLASSPNP.SYS</p><p>fltmgr.sys</p><p>sr.sys</p><p>KSecDD.sys</p><p>Ntfs.sys</p><p>NDIS.sys</p><p>Mup.sys</p><p>\WINDOWS\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\DRIVERS\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\usbohci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\imapi.sys</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\system32\DRIVERS\redbook.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\DRIVERS\psched.sys</p><p>\SystemRoot\system32\DRIVERS\msgpc.sys</p><p>\SystemRoot\system32\DRIVERS\ptilink.sys</p><p>\SystemRoot\system32\DRIVERS\raspti.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\update.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32
\Drivers\i2omgmt.SYS</p><p>\SystemRoot\System32\Drivers\Fs_Rec.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\rasacd.sys</p><p>\SystemRoot\system32\DRIVERS\ipsec.sys</p><p>\SystemRoot\system32\DRIVERS\tcpip.sys</p><p>\SystemRoot\system32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\ipnat.sys</p><p>\SystemRoot\System32\drivers\ws2ifsl.sys</p><p>\SystemRoot\System32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\Drt2870.sys</p><p>\SystemRoot\System32\Drivers\Cdfs.SYS</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\usbprint.sys</p><p>\SystemRoot\system32\DRIVERS\HPZius12.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_WMILIB.SYS</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxg.sys</p><p>\SystemRoot\System32\drivers\dxgthk.sys</p><p>\SystemRoot\System32\framebuf.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\srv.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys</p><p>\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys</p><p>\WINDOWS\system32\ntdll.dll</p><p>----------- End 
-----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk3\DR6</p><p>Upper Device Object: 0xffffffff84f14ab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000076\</p><p>Lower Device Object: 0xffffffff84efe9a8</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk2\DR5</p><p>Upper Device Object: 0xffffffff84f07ab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000073\</p><p>Lower Device Object: 0xffffffff84f0dab0</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR4</p><p>Upper Device Object: 0xffffffff84f0aab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000072\</p><p>Lower Device Object: 0xffffffff854c0030</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff854c9ab8</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\</p><p>Lower Device Object: 0xffffffff854d1940</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff85407a10, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff854cd6d0, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff854d1940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 
0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 43A90CE8</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 20971520</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 20973568 Numsec = 291587072</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p>Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]</p><p></p><p> Partition 2 type is HIDDEN (0x17)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 312560640 Numsec = 21152</p><p> Partition is not bootable</p><p>Hidden partition VBR is not infected.</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160041885696 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...</p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84f0a890, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff854c0030, DeviceName: \Device\00000072\, DriverName: 
\Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 2, DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84f07890, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff84f0dab0, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 3, DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff853ef9d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff84efe9a8, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Could not create restore point...</p><p>Cleaning up...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>NEXT IS FRST.......</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014</p><p>Ran by JW (administrator) on JUSTIN on 20-12-2014 14:31:28</p><p>Running from C:\Documents and Settings\JW\Desktop</p><p>Loaded Profile: JW (Available profiles: JW)</p><p>Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)</p><p>Internet Explorer Version 7</p><p>Boot Mode: Safe Mode (with Networking)</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\WINDOWS\system32\userinit.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [WZCSLDR2] => C:\Program Files\D-Link\DWA-140 revB\WZCSLDR2.exe</p><p>HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)</p><p>HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)</p><p>HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()</p><p>HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)</p><p>HKLM\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)</p><p>HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)</p><p>HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)</p><p>HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)</p><p>HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\MountPoints2: {905bd734-a42b-11e1-8f14-001d72b8b401} - I:\LaunchU3.exe -a</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g" 
target="_blank">http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</p><p>HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a></p><p>HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = <a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8</a></p><p>HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g" target="_blank">http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g</a></p><p>SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW</a></p><p>SearchScopes: HKU\S-1-5-21-3723271197-3957454863-557728558-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW</a></p><p>BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> 
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)</p><p>BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)</p><p>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} <a href="http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab" target="_blank">http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab</a></p><p>DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <a href="http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab" target="_blank">http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab</a></p><p>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <a href="http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab" target="_blank">http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab</a></p><p>Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)</p><p>Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)</p><p>Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)</p><p>Hosts: 127.0.0.1 localhost</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Documents and Settings\JW\Application Data\Mozilla\Firefox\Profiles\xwkj47g7.default</p><p>FF DefaultSearchEngine: Google</p><p>FF SelectedSearchEngine: Google</p><p>FF Homepage: hxxp://<a 
href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()</p><p>FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF HKLM\...\Firefox\Extensions: [<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</p><p>FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-31]</p><p>FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</p><p>FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-03]</p><p>FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5</p><p>FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-06]</p><p>FF HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\Firefox\Extensions: [<a 
href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</p><p>FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S4 ANIWConnService; C:\WINDOWS\system32\ANIWConnService.exe [151552 2009-07-07] () [File not signed]</p><p>S4 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [102400 2009-08-21] (Wireless Service) [File not signed]</p><p>S4 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]</p><p>S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]</p><p>S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]</p><p>S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]</p><p>S4 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1</p><p>S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-18] (Emsisoft GmbH)</p><p>S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)</p><p>S2 ANIO; C:\WINDOWS\system32\ANIO.SYS [29411 2009-02-09] () [File not signed]</p><p>S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-18] (Emsisoft GmbH)</p><p>S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2014-12-19] ()</p><p>S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)</p><p>S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)</p><p>R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)</p><p>S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-28] (NVIDIA Corporation)</p><p>S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-28] (NVIDIA Corporation)</p><p>R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)</p><p>U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2014-12-19] ()</p><p>S3 int15.sys; \??\c:\acernb\int15.sys [X]</p><p>S3 NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]</p><p>S3 NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]</p><p>U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)</p><p>S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]</p><p>S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]</p><p>U3 TlntSvr; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>(If an item is included in the fixlist, it will be removed from the 
registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-20 14:31 - 2014-12-20 14:32 - 00011100 _____ () C:\Documents and Settings\JW\Desktop\FRST.txt</p><p>2014-12-20 14:15 - 2014-12-20 14:15 - 01114112 _____ (Farbar) C:\Documents and Settings\JW\Desktop\FRST.exe</p><p>2014-12-19 12:27 - 2014-12-19 12:29 - 00000000 ___SD () C:\ComboFix</p><p>2014-12-19 12:03 - 2014-12-19 12:03 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys</p><p>2014-12-19 01:05 - 2014-12-19 01:05 - 00000639 _____ () C:\Documents and Settings\JW\Desktop\Start Emsisoft Emergency Kit.lnk</p><p>2014-12-19 01:04 - 2014-12-19 01:06 - 00000000 ____D () C:\EEK</p><p>2014-12-19 00:53 - 2014-12-19 00:53 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys</p><p>2014-12-19 00:53 - 2014-12-19 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller</p><p>2014-12-18 23:40 - 2014-12-20 11:00 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-12-18 23:40 - 2014-12-18 23:40 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-12-18 23:40 - 2014-12-18 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-12-18 23:39 - 2014-12-20 11:00 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys</p><p>2014-12-18 23:39 - 2014-12-18 23:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-12-18 23:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2014-12-18 12:36 - 2014-12-18 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2014-12-18 
12:22 - 2014-12-19 12:13 - 00002404 _____ () C:\Documents and Settings\JW\Desktop\Rkill.txt</p><p>2014-12-18 12:18 - 2014-08-29 14:11 - 00000211 _____ () C:\Boot.bak</p><p>2014-12-18 12:18 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr</p><p>2014-12-18 12:17 - 2014-12-18 12:18 - 00000000 ____D () C:\cmdcons</p><p>2014-12-18 12:11 - 2014-12-18 12:11 - 00000000 ____D () C:\Qoobox</p><p>2014-12-18 12:11 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe</p><p>2014-12-18 12:11 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe</p><p>2014-12-18 12:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe</p><p>2014-12-18 12:11 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe</p><p>2014-12-18 12:10 - 2014-12-18 12:10 - 00000000 ____D () C:\WINDOWS\erdnt</p><p>2014-12-18 12:04 - 2014-12-18 12:05 - 162702208 _____ () C:\Documents and Settings\JW\Desktop\EmsisoftEmergencyKit.exe</p><p>2014-12-18 11:58 - 2014-12-18 11:59 - 10284408 _____ (SurfRight B.V.) 
C:\Documents and Settings\JW\Desktop\HitmanPro.exe</p><p>2014-12-18 11:54 - 2014-12-18 11:54 - 15201368 _____ () C:\Documents and Settings\JW\Desktop\RogueKiller.exe</p><p>2014-12-18 11:51 - 2014-12-18 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\JW\Desktop\mbam-setup-2.0.4.1028.exe</p><p>2014-12-18 11:47 - 2014-12-18 11:47 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\JW\Desktop\iExplore.exe</p><p>2014-12-18 11:46 - 2014-12-18 11:46 - 05601641 ____R (Swearware) C:\Documents and Settings\JW\Desktop\ComboFix.exe</p><p>2014-12-16 09:56 - 2014-12-16 09:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-20 14:32 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW\Local Settings\Temp</p><p>2014-12-20 14:31 - 2014-08-28 16:00 - 00000000 ____D () C:\FRST</p><p>2014-12-20 14:21 - 2009-04-04 16:26 - 00511902 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2014-12-20 14:16 - 2014-08-28 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)</p><p>2014-12-20 14:12 - 2009-04-05 00:31 - 01505617 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2014-12-20 14:07 - 2014-04-01 09:27 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}</p><p>2014-12-20 14:07 - 2014-04-01 09:26 - 00000003 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}</p><p>2014-12-20 14:07 - 2014-03-20 08:23 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job</p><p>2014-12-20 14:07 - 2009-04-05 00:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2014-12-20 14:07 - 2009-04-04 16:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log</p><p>2014-12-20 14:07 - 2009-04-04 16:29 - 00000050 _____ 
() C:\WINDOWS\wiaservc.log</p><p>2014-12-20 14:05 - 2014-08-28 20:03 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\mbar</p><p>2014-12-20 14:05 - 2012-01-31 18:38 - 00000178 ___SH () C:\Documents and Settings\JW\ntuser.ini</p><p>2014-12-19 12:28 - 2009-04-05 00:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt</p><p>2014-12-19 00:51 - 2012-01-31 19:21 - 00529402 _____ () C:\WINDOWS\setupapi.log</p><p>2014-12-18 22:53 - 2012-01-31 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP</p><p>2014-12-18 22:53 - 2012-01-31 19:26 - 00001712 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log</p><p>2014-12-18 12:18 - 2009-04-05 00:20 - 00000327 __RSH () C:\boot.ini</p><p>2014-12-18 11:41 - 2014-09-23 12:55 - 00054156 ____H () C:\WINDOWS\QTFont.qfn</p><p>2014-12-17 23:04 - 2009-04-05 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help</p><p>2014-12-17 22:52 - 2013-07-20 08:20 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2014-12-17 22:31 - 2012-03-31 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2014-12-17 22:10 - 2012-02-03 13:28 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2014-12-16 09:58 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW</p><p>2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService</p><p>2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\LocalService</p><p>2014-12-16 09:58 - 2009-04-05 00:30 - 00000000 ____D () C:\WINDOWS\Registration</p><p>2014-12-16 09:56 - 2012-05-01 22:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service</p><p>2014-12-16 09:40 - 2009-04-05 00:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl</p><p>2014-12-09 10:53 - 2012-12-16 11:46 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Credentials</p><p>2014-12-08 17:11 - 2014-03-20 08:23 - 00000210 _____ 
() C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job</p><p>2014-12-06 11:33 - 2012-01-31 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job</p><p>2014-11-25 21:28 - 2014-08-07 10:26 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Scrambler</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Documents and Settings\JW\Local Settings\Temp\dllnt_dump.dll</p><p>C:\Documents and Settings\JW\Local Settings\Temp\hpzmsi01.exe</p><p>C:\Documents and Settings\JW\Local Settings\Temp\hpzscr01.EXE</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p>LAST IS ADDITION......</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014</p><p>Ran by JW at 2014-12-20 14:32:49</p><p>Running from C:\Documents and Settings\JW\Desktop</p><p>Boot Mode: Safe Mode (with Networking)</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the 
fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden</p><p>Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)</p><p>Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden</p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)</p><p>Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)</p><p>Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)</p><p>Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)</p><p>ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )</p><p>ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )</p><p>Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)</p><p>Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)</p><p>BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden</p><p>Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden</p><p>Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden</p><p>Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden</p><p>DeviceDiscovery (Version: 140.0.212.000 - 
Hewlett-Packard) Hidden</p><p>DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)</p><p>D-Link RangeBooster N DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)</p><p>eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3005 - Acer Incorporated)</p><p>GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden</p><p>HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)</p><p>HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)</p><p>HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)</p><p>HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)</p><p>HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)</p><p>HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)</p><p>HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)</p><p>HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden</p><p>HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden</p><p>iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)</p><p>Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)</p><p>Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden</p><p>Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.0 Service 
Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)</p><p>Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Mozilla Firefox 33.1 (x86 en-US) 
(HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden</p><p>MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden</p><p>NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )</p><p>PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)</p><p>PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden</p><p>QuickTime (HKLM\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)</p><p>QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden</p><p>Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)</p><p>Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden</p><p>Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden</p><p>SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden</p><p>SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden</p><p>Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden</p><p>Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden</p><p>TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden</p><p>Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p>WebFldrs XP 
(Version: 9.50.7523 - Microsoft Corporation) Hidden</p><p>WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden</p><p>Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)</p><p>Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)</p><p>Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)</p><p>Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)</p><p>Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )</p><p>Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>19-09-2014 14:52:01 System Checkpoint</p><p>21-09-2014 11:11:32 System Checkpoint</p><p>22-09-2014 11:46:44 System Checkpoint</p><p>23-09-2014 13:50:01 System Checkpoint</p><p>24-09-2014 14:45:17 System Checkpoint</p><p>25-09-2014 15:45:19 System Checkpoint</p><p>27-09-2014 11:47:36 System Checkpoint</p><p>28-09-2014 12:39:52 System Checkpoint</p><p>29-09-2014 13:39:40 System Checkpoint</p><p>01-10-2014 09:35:19 System Checkpoint</p><p>02-10-2014 11:05:52 System Checkpoint</p><p>03-10-2014 13:49:37 System Checkpoint</p><p>06-10-2014 10:05:05 System Checkpoint</p><p>07-10-2014 19:54:53 System Checkpoint</p><p>09-10-2014 10:27:18 System Checkpoint</p><p>10-10-2014 11:36:19 System Checkpoint</p><p>11-10-2014 11:43:04 System Checkpoint</p><p>12-10-2014 12:43:04 System Checkpoint</p><p>13-10-2014 13:26:05 System Checkpoint</p><p>15-10-2014 11:31:18 System Checkpoint</p><p>16-10-2014 02:01:01 
Software Distribution Service 3.0</p><p>17-10-2014 02:55:48 System Checkpoint</p><p>23-10-2014 09:54:28 Restore Operation</p><p>27-10-2014 10:50:28 Software Distribution Service 3.0</p><p>27-10-2014 11:08:52 Software Distribution Service 3.0</p><p>27-10-2014 16:38:21 Restore Operation</p><p>28-10-2014 09:15:37 Software Distribution Service 3.0</p><p>29-10-2014 09:59:30 System Checkpoint</p><p>30-10-2014 13:53:05 System Checkpoint</p><p>01-11-2014 12:53:30 System Checkpoint</p><p>02-11-2014 13:27:26 System Checkpoint</p><p>03-11-2014 14:28:38 System Checkpoint</p><p>05-11-2014 12:42:14 System Checkpoint</p><p>06-11-2014 13:08:34 System Checkpoint</p><p>07-11-2014 14:25:20 System Checkpoint</p><p>09-11-2014 14:07:10 System Checkpoint</p><p>10-11-2014 15:13:51 System Checkpoint</p><p>11-11-2014 16:10:42 System Checkpoint</p><p>12-11-2014 03:01:33 Software Distribution Service 3.0</p><p>13-11-2014 03:08:21 System Checkpoint</p><p>14-11-2014 11:25:01 System Checkpoint</p><p>15-11-2014 12:04:03 System Checkpoint</p><p>16-11-2014 20:49:45 System Checkpoint</p><p>18-11-2014 11:00:22 System Checkpoint</p><p>19-11-2014 11:50:56 System Checkpoint</p><p>20-11-2014 12:19:24 System Checkpoint</p><p>21-11-2014 13:07:36 System Checkpoint</p><p>22-11-2014 12:13:52 Restore Operation</p><p>24-11-2014 07:31:09 System Checkpoint</p><p>25-11-2014 10:18:17 System Checkpoint</p><p>26-11-2014 10:21:10 System Checkpoint</p><p>27-11-2014 11:21:05 System Checkpoint</p><p>28-11-2014 12:36:25 System Checkpoint</p><p>29-11-2014 13:21:08 System Checkpoint</p><p>30-11-2014 14:21:05 System Checkpoint</p><p>01-12-2014 15:25:32 System Checkpoint</p><p>02-12-2014 16:21:06 System Checkpoint</p><p>03-12-2014 17:21:22 System Checkpoint</p><p>05-12-2014 16:40:28 System Checkpoint</p><p>08-12-2014 09:59:17 System Checkpoint</p><p>09-12-2014 10:17:24 System Checkpoint</p><p>10-12-2014 12:42:54 Restore Operation</p><p>16-12-2014 09:42:52 Software Distribution Service 3.0</p><p>16-12-2014 09:50:41 Restore 
Operation</p><p>17-12-2014 21:03:05 Malwarebytes Anti-Rootkit Restore Point</p><p>17-12-2014 22:07:16 Software Distribution Service 3.0</p><p>17-12-2014 23:23:43 Malwarebytes Anti-Rootkit Restore Point</p><p>18-12-2014 22:52:27 Removed HiJackThis</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-04-05 00:18 - 2014-12-19 01:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe</p><p>Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^JW^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\WINDOWS\pss\ZooskMessenger.lnkStartup</p><p>MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe</p><p>MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW</p><p>MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe</p><p>MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"</p><p>MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-3723271197-3957454863-557728558-500 - Administrator - Enabled)</p><p>Guest (S-1-5-21-3723271197-3957454863-557728558-501 - Limited - Disabled)</p><p>HelpAssistant (S-1-5-21-3723271197-3957454863-557728558-1004 - Limited - Disabled)</p><p>JW (S-1-5-21-3723271197-3957454863-557728558-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JW</p><p>SUPPORT_388945a0 (S-1-5-21-3723271197-3957454863-557728558-1002 - Limited - Disabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/18/2014 05:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module 
wlanapp.dll, version 1.1.10.707, fault address 0x00013c4b.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (11/17/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (11/15/2014 00:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013e3b.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (11/13/2014 01:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (10/13/2014 01:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000117b5.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (10/03/2014 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000178e8.</p><p>Processing media-specific event for [wzcsldr2.exe!ws!]</p><p></p><p>Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 455) (User: )</p><p>Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.</p><p></p><p>Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 489) 
(User: )</p><p>Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).</p><p></p><p>Error: (09/13/2014 10:17:23 AM) (Source: ESENT) (EventID: 455) (User: )</p><p>Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.</p><p></p><p>Error: (09/13/2014 10:17:22 AM) (Source: ESENT) (EventID: 489) (User: )</p><p>Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/20/2014 02:31:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p>Error: (12/20/2014 02:18:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>Fips</p><p>Processor</p><p>SRTSP</p><p>SRTSPX</p><p></p><p>Error: (12/20/2014 02:07:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>SRTSP</p><p>SRTSPX</p><p></p><p>Error: (12/20/2014 02:05:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with 
arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p>Error: (12/20/2014 10:57:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p>Error: (12/19/2014 06:40:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>Fips</p><p>Processor</p><p>SRTSP</p><p>SRTSPX</p><p></p><p>Error: (12/19/2014 00:18:59 PM) (Source: DCOM) (EventID: 10010) (User: JUSTIN)</p><p>Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.</p><p></p><p>Error: (12/19/2014 00:03:39 PM) (Source: 0) (EventID: 9) (User: )</p><p>Description: \Device\Ide\IdePort4</p><p></p><p>Error: (12/19/2014 00:03:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load: </p><p>SRTSP</p><p>SRTSPX</p><p></p><p>Error: (12/19/2014 00:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)</p><p>Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""</p><p>in order to run the server:</p><p>{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: AMD Athlon(tm) Processor 2650e</p><p>Percentage of memory in use: 22%</p><p>Total physical RAM: 894.32 MB</p><p>Available physical RAM: 694.72 MB</p><p>Total Pagefile: 2171.47 MB</p><p>Available Pagefile: 2079.05 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1939.78 MB</p><p></p><p>==================== Drives 
================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:100.82 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 43A90CE8)</p><p>Partition 1: (Not Active) - (Size=10 GB) - (Type=12)</p><p>Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 3</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p>thanks!!</p><p></p><p>Justin</p></blockquote><p></p>
[QUOTE="Jwill1919, post: 318384, member: 32096"] TwinHeaded Eagle, thanks for helping me! I'm having trouble doing this on my CPU, I can only use Internet Explorer and it is horrible especially with iexplore.exe popping up all over the place. One question: Should I be doing these scans in Safe Mode or in Regular? I can't connect to internet in Safe, it's not allowing me to for some reason. Anyway, it also isn't allowing me to use the "upload a file" feature, so I am going to copy and paste if thats ok? Here are the scans in the order you wanted.. Malwarebytes Anti-Rootkit BETA 1.07.0.1012 [url="http://www.malwarebytes.org"]www.malwarebytes.org[/url] Database version: v2014.12.18.01 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 7.0.5730.13 JW :: JUSTIN [administrator] 12/20/2014 11:01:14 AM mbar-log-2014-12-20 (11-01-14).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 307994 Time elapsed: 1 hour(s), 5 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 1 Physical Sector #20973568 on Drive #0 (Rootkit.Cidox.J.VBR) -> Replace on reboot. [7d7dbd13c655408b7ccbeef6503fdbdb] (end) NEXT IS SYSTEM..... 
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 7.0.5730.13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937758720, free: 418856960 ======================================= Initializing... Done! Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 43A90CE8 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Infected: VBR on Hidden (not active) partition --> [Rootkit.Alureon.E.VBR] Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 7.0.5730.13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937758720, free: 347623424 ======================================= Initializing... Done! Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! 
Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 43A90CE8 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20973568-i.mbam... Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-2-312560640-i.mbam... Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 7.0.5730.13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937758720, free: 509095936 Downloaded database version: v2014.12.17.02 Downloaded database version: v2014.12.14.01 Downloaded database version: v2014.12.06.01 ======================================= Initializing... Done! 
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 43A90CE8 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition file system is NTFS Partition is bootable Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR] Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 7.0.5730.13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937758720, free: 593297408 Downloaded database version: v2014.12.17.03 Downloaded database version: v2014.12.17.04 Downloaded database version: v2014.12.18.01 ======================================= Initializing... 
------------ Kernel report ------------ 12/17/2014 22:03:58 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \WINDOWS\system32\ntkrnlpa.exe \SystemRoot\system32\DRIVERS\processr.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvnetbus.sys \SystemRoot\system32\DRIVERS\NVNRM.SYS \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys 
\SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\Drt2870.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\HPZid412.sys \SystemRoot\system32\DRIVERS\HPZipr12.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\WINDOWS\system32\ANIO.SYS 
\??\C:\WINDOWS\system32\drivers\int15.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\System32\Drivers\HTTP.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk3\DR6 Upper Device Object: 0xffffffff84a7aab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000076\ Lower Device Object: 0xffffffff85311818 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR5 Upper Device Object: 0xffffffff84a6b030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xffffffff8531a030 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xffffffff852c42b0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xffffffff853173d0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff853afab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\ Lower Device Object: 0xffffffff8545fd98 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff853e4900, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff854dc928, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8545fd98, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, 
DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 43A90CE8 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition file system is NTFS Partition is bootable Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR] Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! 
Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff852bb4b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff853173d0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff852c1600, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8531a030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff84fac9b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85311818, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished Creating System Restore point... Cleaning up... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. 
System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 7.0.5730.13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937758720, free: 754548736 ======================================= Initializing... ------------ Kernel report ------------ 12/20/2014 11:00:37 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \WINDOWS\system32\ntoskrnl.exe \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys 
\SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\Drt2870.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End 
-----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff84f14ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xffffffff84efe9a8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff84f07ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff84f0dab0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff84f0aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff854c0030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff854c9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff854d1940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85407a10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854cd6d0, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff854d1940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8
Partition information:
Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable
Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f0a890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854c0030, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f07890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84f0dab0, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853ef9d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84efe9a8, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred

=======================================

NEXT IS FRST.......

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by JW (administrator) on JUSTIN on 20-12-2014 14:31:28
Running from C:\Documents and Settings\JW\Desktop
Loaded Profile: JW (Available profiles: JW)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WZCSLDR2] => C:\Program Files\D-Link\DWA-140 revB\WZCSLDR2.exe
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\MountPoints2: {905bd734-a42b-11e1-8f14-001d72b8b401} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3723271197-3957454863-557728558-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JW\Application Data\Mozilla\Firefox\Profiles\xwkj47g7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-03]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-06]
FF HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ANIWConnService; C:\WINDOWS\system32\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
S4 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [102400 2009-08-21] (Wireless Service) [File not signed]
S4 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S4 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-18] (Emsisoft GmbH)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S2 ANIO; C:\WINDOWS\system32\ANIO.SYS [29411 2009-02-09] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-18] (Emsisoft GmbH)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2014-12-19] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-28] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-28] (NVIDIA Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2014-12-19] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 14:31 - 2014-12-20 14:32 - 00011100 _____ () C:\Documents and Settings\JW\Desktop\FRST.txt
2014-12-20 14:15 - 2014-12-20 14:15 - 01114112 _____ (Farbar) C:\Documents and Settings\JW\Desktop\FRST.exe
2014-12-19 12:27 - 2014-12-19 12:29 - 00000000 ___SD () C:\ComboFix
2014-12-19 12:03 - 2014-12-19 12:03 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-19 01:05 - 2014-12-19 01:05 - 00000639 _____ () C:\Documents and Settings\JW\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-19 01:04 - 2014-12-19 01:06 - 00000000 ____D () C:\EEK
2014-12-19 00:53 - 2014-12-19 00:53 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 00:53 - 2014-12-19 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-18 23:40 - 2014-12-20 11:00 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:40 - 2014-12-18 23:40 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:40 - 2014-12-18 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-12-20 11:00 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:39 - 2014-12-18 23:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 12:36 - 2014-12-18 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-12-18 12:22 - 2014-12-19 12:13 - 00002404 _____ () C:\Documents and Settings\JW\Desktop\Rkill.txt
2014-12-18 12:18 - 2014-08-29 14:11 - 00000211 _____ () C:\Boot.bak
2014-12-18 12:18 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-12-18 12:17 - 2014-12-18 12:18 - 00000000 ____D () C:\cmdcons
2014-12-18 12:11 - 2014-12-18 12:11 - 00000000 ____D () C:\Qoobox
2014-12-18 12:11 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-18 12:11 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-18 12:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-18 12:10 - 2014-12-18 12:10 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-18 12:04 - 2014-12-18 12:05 - 162702208 _____ () C:\Documents and Settings\JW\Desktop\EmsisoftEmergencyKit.exe
2014-12-18 11:58 - 2014-12-18 11:59 - 10284408 _____ (SurfRight B.V.) C:\Documents and Settings\JW\Desktop\HitmanPro.exe
2014-12-18 11:54 - 2014-12-18 11:54 - 15201368 _____ () C:\Documents and Settings\JW\Desktop\RogueKiller.exe
2014-12-18 11:51 - 2014-12-18 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\JW\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-18 11:47 - 2014-12-18 11:47 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\JW\Desktop\iExplore.exe
2014-12-18 11:46 - 2014-12-18 11:46 - 05601641 ____R (Swearware) C:\Documents and Settings\JW\Desktop\ComboFix.exe
2014-12-16 09:56 - 2014-12-16 09:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 14:32 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW\Local Settings\Temp
2014-12-20 14:31 - 2014-08-28 16:00 - 00000000 ____D () C:\FRST
2014-12-20 14:21 - 2009-04-04 16:26 - 00511902 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-20 14:16 - 2014-08-28 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:12 - 2009-04-05 00:31 - 01505617 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 14:07 - 2014-04-01 09:27 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-20 14:07 - 2014-04-01 09:26 - 00000003 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-20 14:07 - 2014-03-20 08:23 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-20 14:07 - 2009-04-05 00:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 14:07 - 2009-04-04 16:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-20 14:07 - 2009-04-04 16:29 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-20 14:05 - 2014-08-28 20:03 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\mbar
2014-12-20 14:05 - 2012-01-31 18:38 - 00000178 ___SH () C:\Documents and Settings\JW\ntuser.ini
2014-12-19 12:28 - 2009-04-05 00:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-19 00:51 - 2012-01-31 19:21 - 00529402 _____ () C:\WINDOWS\setupapi.log
2014-12-18 22:53 - 2012-01-31 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-18 22:53 - 2012-01-31 19:26 - 00001712 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-18 12:18 - 2009-04-05 00:20 - 00000327 __RSH () C:\boot.ini
2014-12-18 11:41 - 2014-09-23 12:55 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-12-17 23:04 - 2009-04-05 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-17 22:52 - 2013-07-20 08:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 22:31 - 2012-03-31 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 22:10 - 2012-02-03 13:28 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 09:58 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-16 09:58 - 2009-04-05 00:30 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-16 09:56 - 2012-05-01 22:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-16 09:40 - 2009-04-05 00:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-09 10:53 - 2012-12-16 11:46 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Credentials
2014-12-08 17:11 - 2014-03-20 08:23 - 00000210 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-06 11:33 - 2012-01-31 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-25 21:28 - 2014-08-07 10:26 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Scrambler

Some content of TEMP:
====================
C:\Documents and Settings\JW\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\JW\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\JW\Local Settings\Temp\hpzscr01.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

LAST IS ADDITION......

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by JW at 2014-12-20 14:32:49
Running from C:\Documents and Settings\JW\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
D-Link RangeBooster N DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3005 - Acer Incorporated)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================

19-09-2014 14:52:01 System Checkpoint
21-09-2014 11:11:32 System Checkpoint
22-09-2014 11:46:44 System Checkpoint
23-09-2014 13:50:01 System Checkpoint
24-09-2014 14:45:17 System Checkpoint
25-09-2014 15:45:19 System Checkpoint
27-09-2014 11:47:36 System Checkpoint
28-09-2014 12:39:52 System Checkpoint
29-09-2014 13:39:40 System Checkpoint
01-10-2014 09:35:19 System Checkpoint
02-10-2014 11:05:52 System Checkpoint
03-10-2014 13:49:37 System Checkpoint
06-10-2014 10:05:05 System Checkpoint
07-10-2014 19:54:53 System Checkpoint
09-10-2014 10:27:18 System Checkpoint
10-10-2014 11:36:19 System Checkpoint
11-10-2014 11:43:04 System Checkpoint
12-10-2014 12:43:04 System Checkpoint
13-10-2014 13:26:05 System Checkpoint
15-10-2014 11:31:18 System Checkpoint
16-10-2014 02:01:01 Software Distribution Service 3.0
17-10-2014 02:55:48 System Checkpoint
23-10-2014 09:54:28 Restore Operation
27-10-2014 10:50:28 Software Distribution Service 3.0
27-10-2014 11:08:52 Software Distribution Service 3.0
27-10-2014 16:38:21 Restore Operation
28-10-2014 09:15:37 Software Distribution Service 3.0
29-10-2014 09:59:30 System Checkpoint
30-10-2014 13:53:05 System Checkpoint
01-11-2014 12:53:30 System Checkpoint
02-11-2014 13:27:26 System Checkpoint
03-11-2014 14:28:38 System Checkpoint
05-11-2014 12:42:14 System Checkpoint
06-11-2014 13:08:34 System Checkpoint
07-11-2014 14:25:20 System Checkpoint
09-11-2014 14:07:10 System Checkpoint
10-11-2014 15:13:51 System Checkpoint
11-11-2014 16:10:42 System Checkpoint
12-11-2014 03:01:33 Software Distribution Service 3.0
13-11-2014 03:08:21 System Checkpoint
14-11-2014 11:25:01 System Checkpoint
15-11-2014 12:04:03 System Checkpoint
16-11-2014 20:49:45 System Checkpoint
18-11-2014 11:00:22 System Checkpoint
19-11-2014 11:50:56 System Checkpoint
20-11-2014 12:19:24 System Checkpoint
21-11-2014 13:07:36 System Checkpoint
22-11-2014 12:13:52 Restore Operation
24-11-2014 07:31:09 System Checkpoint
25-11-2014 10:18:17 System Checkpoint
26-11-2014 10:21:10 System Checkpoint
27-11-2014 11:21:05 System Checkpoint
28-11-2014 12:36:25 System Checkpoint
29-11-2014 13:21:08 System Checkpoint
30-11-2014 14:21:05 System Checkpoint
01-12-2014 15:25:32 System Checkpoint
02-12-2014 16:21:06 System Checkpoint
03-12-2014 17:21:22 System Checkpoint
05-12-2014 16:40:28 System Checkpoint
08-12-2014 09:59:17 System Checkpoint
09-12-2014 10:17:24 System Checkpoint
10-12-2014 12:42:54 Restore Operation
16-12-2014 09:42:52 Software Distribution Service 3.0
16-12-2014 09:50:41 Restore Operation
17-12-2014 21:03:05 Malwarebytes Anti-Rootkit Restore Point
17-12-2014 22:07:16 Software Distribution Service 3.0
17-12-2014 23:23:43 Malwarebytes Anti-Rootkit Restore Point
18-12-2014 22:52:27 Removed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-04-05 00:18 - 2014-12-19 01:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^JW^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\WINDOWS\pss\ZooskMessenger.lnkStartup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-3723271197-3957454863-557728558-500 - Administrator - Enabled)
Guest (S-1-5-21-3723271197-3957454863-557728558-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3723271197-3957454863-557728558-1004 - Limited - Disabled)
JW (S-1-5-21-3723271197-3957454863-557728558-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JW
SUPPORT_388945a0 (S-1-5-21-3723271197-3957454863-557728558-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 05:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013c4b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/17/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/15/2014 00:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013e3b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/13/2014 01:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/13/2014 01:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000117b5.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/03/2014 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000178e8.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/13/2014 10:17:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:22 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (12/20/2014 02:31:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 02:18:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Fips Processor SRTSP SRTSPX

Error: (12/20/2014 02:07:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX

Error: (12/20/2014 02:05:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 10:57:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2014 06:40:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Fips Processor SRTSP SRTSPX
Error: (12/19/2014 00:18:59 PM) (Source: DCOM) (EventID: 10010) (User: JUSTIN)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (12/19/2014 00:03:39 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort4

Error: (12/19/2014 00:03:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX

Error: (12/19/2014 00:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 22%
Total physical RAM: 894.32 MB
Available physical RAM: 694.72 MB
Total Pagefile: 2171.47 MB
Available Pagefile: 2079.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:100.82 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 43A90CE8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 MB) - (Type=17)

ATTENTION ===> Suspicious partition bootkit on partition 3

==================== End Of Log ============================

thanks!! Justin
[/QUOTE]