Solved: Windows cannot locate webfldrs.msi

April 21, 2013 at 17:16:24
Specs: Windows 7
Win XP Pro: when I try to find webfldrs.msi, the file is missing from the system32 folder. I downloaded the installer from Microsoft and it says that it has been installed. When I check again, the file is still not there. Any ideas? I think I need to reinstall DLL files. I do not have a repair disk. This computer is a friend's and it appears to have been configured in Vietnam, but it was purchased in Thailand. Not sure the international part has anything to do with it. Given the origin it is possible the Windows OS is not authentic to begin with, but without disks I am unable to do anything about it.

The problem I am trying to fix may have nothing to do with this, but when I boot the computer it hangs on a black screen with a movable cursor for about 5 minutes and then finally loads Windows. Event Viewer shows several services not loading, which was leading me to think the DLLs are corrupt or missing. I wasn't sure if that could cause the black screen.

When it was set up they apparently did not set up user accounts, so the primary Admin account is being used as the only user on the computer. Not sure if it could be a corrupt user file for the primary... not sure how that can be fixed (without losing data etc.) if that is the problem.

So I can't simply reload. I can't access webfldrs.msi to reload the DLLs. And I don't know how to handle the Admin account. Meanwhile booting is a royal pain. I think the main cause could have been trojan related, as I had to clean with Comodo, ESET and Malwarebytes to remove many, many instances of trojans and spyware.


✔ Best Answer
April 29, 2013 at 02:34:06
All being well it should now be flying, almost like a clean install.

Finally.

"I clicked on the link in the program menu and this window popped up. First time to see this"
If Internet Explorer has any glitches, use this & check > Repair Internet Explorer
Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...



#1
April 21, 2013 at 18:22:39
Firstly I would run sfc /scannow from the Run box.
This should restore missing system files.

Otherwise I wonder if this update would help (unless it's what you've tried)
http://www.microsoft.com/en-us/down...

Always pop back and let us know the outcome - thanks


#2
April 22, 2013 at 02:44:29
Hello and thanks for your response. I tried sfc /scannow and that prompts for the WinXP Pro disks to load the files. I have tried the download suggested numerous times, but the file does not load, as I am unable to find it either by going directly to system32 and looking, by running it in the Run box, or by the search function in Windows Explorer. So, I know for sure there are messed up system files, but now how can I get webfldrs.msi to load so I can use it?

And one other thing on the user accounts. I was able to go into Safe Mode w/ networking. I looked at users there and see that there are definitely two separate accounts: the primary system admin and the second user set up as an admin. I have added a new user and plan to transfer the data of the old to the new and delete that account. I think the user account has been corrupted.

Update: Okay... I have successfully added two new admin users and deleted the original user account. I am still getting the delay with a black screen and cursor at boot (approx 5 mins). BTW I don't get this delay when I boot into Safe Mode w/ networking.


#3
April 22, 2013 at 09:00:57
When things are better in Safe Mode it can often be due to a driver issue. Corruption maybe. Updating drivers might fix it, but the problem is knowing which one. Off the top of my head, the graphics driver would be worth a try (Safe Mode graphics are minimal).

Just the same, if you haven't done so already, install and run this freebie to see if there is any virus about (another reason for slowness):
http://www.filehippo.com/download_m...

Another possibility is that some startup program is causing the slowness. Unchecking items in msconfig Startup might unearth it.

Always pop back and let us know the outcome - thanks


#4
April 22, 2013 at 12:25:01
I've run Comodo Antivirus, Malwarebytes, and ESET (I think it's called)... plus another one I forget. I believe it is clean at this point. I'll try the msconfig startup and let you know what happens.

Is there a way that you know of to download from Microsoft the XP Pro disks so that I can reload the missing components?

I uninstalled and reinstalled the display adapter, but that didn't help with the slow boot either.

I'll check back after I go through the startup items.


#5
April 22, 2013 at 13:16:14
Not much in the way of operating systems you can download legally. If you can lay your hands on someone else's XP Pro disk you can at least run sfc.

Always pop back and let us know the outcome - thanks


#6
April 22, 2013 at 19:45:33
I did msconfig diagnostic mode, except for re-adding the event log. It still loads slowly. When I checked the logs nothing popped up except for "System", which gave me an error message saying the event log for System is corrupt. Can I fix that somehow?

#7
April 22, 2013 at 19:54:42
I cleared the system log and restarted. DCOM is causing errors. I am now looking up how to deal with that.

#8
April 22, 2013 at 23:05:11
I opened the CD for an XP Home version and it had the i386 folder. In that folder was the webfldrs.msi file. I copied that to the desktop and opened it with RAR. I was able to run that and it reinstalled the Windows components. When I did the first restart, there was zero delay. I did a second restart and it delayed again. After re-running webfldrs.msi nothing changed in terms of the boot time.

I have run Malwarebytes again and it found zero things wrong. I also decided to look at the fragmentation level and there was significant fragmentation on the disk. I defragged the drive, but again no change to boot time. Now I am downloading ESET's online scanner for viruses. I'll run that again. After that, I'll do chkdsk /p /r and see if there are any disk issues that it finds.

Incidentally, once the system does start, the load time for the desktop etc. has improved. So, it feels like I am moving in the right direction. One of these things is bound to work eventually.


#9
April 23, 2013 at 05:40:27
So, what did I do today?... I ran ESET online scanner and it found 3 new malware files. Those have been cleaned. I did the msconfig startup and deselected all of the startup items. Neither of these has had any impact on the boot time.

As it turns out I have an OEM version of XP Pro on disk. It is the one I spoke of above. I thought it wasn't XP Pro as the laptop would not recognize it for sfc /scannow; however, I went through the process of entering into a repair mode and the disks appear to work for doing that process. I just worry that if I fix the system with that and then need to re-enter the CD key, the installation will request the old OEM key which is no longer valid. I did use the Magical Jelly Bean program to find the current CD key for the current installation... so I have that if I do go forward with repairing.

I did do a chkdsk /p /r and errors that were found were fixed. Again, the black screen with cursor remains and boot time is approx 3 minutes. I guess they can live with that, but I worry that at some point it will stop booting altogether.

I did reach out to the company which is a Thai company and I now see the computer is made in China not Vietnam. So I'll see where that gets me with their tech department.

Any other ideas for the black screen problem?


#10
April 23, 2013 at 07:22:52
Can't add much. Wonder if the long delay is due to the system waiting for some service or other to start. Some nasty malware rootkit or Trojan might still be present, especially as a new run of ESET continued to find something.

Always pop back and let us know the outcome - thanks


#11
April 24, 2013 at 00:43:17
I'm running ESET again and after that Comodo. I'll report back...

Update: ESET is still running but it's found three threats already. One is Win32/OpenCandy, which is apparently a really malicious adware. It was the same one ESET found before. I think I'll have to go into Safe Mode to get rid of this one... I'll report back what happens.


#12
April 24, 2013 at 07:08:05
I see that "Win32/OpenCandy" involves toolbars. It might take a bit of fixing but I think you should include running this freebie if you haven't already:
http://www.bleepingcomputer.com/dow...

The Scan shows what it has found and the Delete removes all toolbars and their remnants (unless you invoke the listed options). It's a good program and I've not yet hit any problem by letting it Delete all. Sometimes you have to reboot so that it can remove items when Windows is not running. I've found that most toolbars are at least unnecessary, at worst scams.

Just to add some general points. Sometimes running scans in Safe Mode is more effective. Also, running Rkill first can often give you a better chance of killing off these pests:
http://www.bleepingcomputer.com/dow...

Always pop back and let us know the outcome - thanks


#13
April 24, 2013 at 07:28:08
Yes, agree on toolbars; personally I never load them on my computer, but my friends are only semi-computer literate and have no idea how much they've infected this machine. I'll run several programs in Safe Mode and see if I can eliminate it, and follow up with the program you're suggesting.

#14
April 24, 2013 at 10:59:20
I ran RKill and then your program and it found several more toolbar entries that were cleaned. After that I restarted and it booted normally. I then rebooted and it went back to doing the same thing.

BTW RKill has one entry: RpcSs => %systemroot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Any ideas on that? I tried expanding a copy of the svchost.ex_ file and replacing the original with a new svchost.exe, but when it finally loaded after the black screen the services were all not starting so I had to change back to the original svchost.exe file again.

I ran ComboFix too, but no help from that. ESET ran again and the OpenCandy malware and others were no longer popping up. Malwarebytes is also clean.

I also ran the Fixit file from Microsoft for the Hosts file just to be sure it wasn't corrupted. No change for booting with that either.

So unless you have further ideas about the above or other things I can do... I think I've reached the end of what is possible without the OS disks.

Let me know what you think about that issue that RKill found.

Thanks


#15
April 24, 2013 at 11:42:11
Have you tried a system restore?
~winipcfg

ASCII question, get an ANSI


#16
April 24, 2013 at 12:15:10
There are no old restore points that I would trust given the number of infections this computer had. If there was one from 2010 or earlier maybe... In fact, there are only two restore points total on the computer. I guess that is the max allowed for this system. Dunno.

#17
April 24, 2013 at 13:17:19
That path to rpcss looks fine to me, so I don't know what it is on about. If you look at the Remote Procedure Call (RPC) service you will find it given there - service normally Automatic and Running. Maybe the "nasty" is fooling Rkill somehow.

One more thing that might be worth a shot is this rootkit remover:
http://support.kaspersky.com/5350?e...

Always pop back and let us know the outcome - thanks
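
To see why a tool and a person can disagree about the RpcSs entry quoted in #14 and judged fine in #17, here is an added example (not code from the thread, from RKill or from any project) that parses that line and compares the ImagePath with a baseline twice: once byte for byte, and once after expanding %SystemRoot%, stripping quotes, lower-casing and completing a missing extension to .exe. The baseline table, the system root `C:\WINDOWS`, the second constructed line and the assumption that the XP default for RpcSs is written without `.exe` are all this example's own; take real baseline values from a clean machine of the same build.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed input: the RKill line quoted in post #14, plus a constructed variant
# that names a different service host group.
RKILL_LINE = r"RpcSs => %systemroot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]"
MISMATCH_LINE = r"RpcSs => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]"

# ASSUMED known-good ImagePath values for two Windows XP services. These are this
# example's assumption, not values from the thread; in practice, export them from a
# clean machine of the same build. The assumed XP default for RpcSs omits ".exe".
EXPECTED_IMAGEPATH = {
    "rpcss": r"%SystemRoot%\system32\svchost -k rpcss",
    "eventlog": r"%SystemRoot%\system32\services.exe",
}

# RKill reports the finding as "<service> => <ImagePath> [<flag>]"
RKILL_RE = re.compile(r"^(?P<svc>\S+)\s*=>\s*(?P<path>.+?)\s*\[(?P<flag>[^\]]+)\]\s*$")


def normalize_image_path(image_path: str, system_root: str = r"C:\WINDOWS") -> Tuple[str, str]:
    """Return (binary, arguments) in a comparable form: %SystemRoot% expanded,
    surrounding quotes removed, whitespace collapsed, everything lower-cased and a
    missing extension completed to .exe (CreateProcess does the same). An unquoted
    binary is cut at the first space; an unquoted path that contains spaces is
    itself worth flagging in a real baseline check."""
    p = " ".join(image_path.strip().lower().split())
    p = p.replace("%systemroot%", system_root.lower())
    if not p:
        raise ValueError("empty ImagePath")
    m = re.match(r'^"([^"]+)"\s*(.*)$', p) or re.match(r"^(\S+)\s*(.*)$", p)
    binary, args = m.group(1), m.group(2)
    if not re.search(r"\.[a-z0-9]{2,4}$", binary):
        binary += ".exe"
    return binary, args.strip()


@dataclass
class ImagePathCheck:
    service: str
    reported: str
    tool_flag: str
    expected: Optional[str]
    exact_match: bool        # byte-for-byte equal to the baseline string
    normalized_match: bool   # same binary and same arguments after normalisation


def check_rkill_line(line: str, system_root: str = r"C:\WINDOWS") -> ImagePathCheck:
    """Parse one RKill ImagePath finding and compare it with the baseline twice."""
    m = RKILL_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an RKill ImagePath line: {line!r}")
    svc, reported, flag = m.group("svc"), m.group("path"), m.group("flag")
    expected = EXPECTED_IMAGEPATH.get(svc.lower())
    if expected is None:
        return ImagePathCheck(svc, reported, flag, None, False, False)
    return ImagePathCheck(
        svc, reported, flag, expected,
        exact_match=(reported == expected),
        normalized_match=(normalize_image_path(reported, system_root)
                          == normalize_image_path(expected, system_root)),
    )


def verdict(check: ImagePathCheck) -> str:
    """Outcome in words: a normalised match means the entry starts the expected
    binary with the expected host group even though the text differs."""
    if check.expected is None:
        return "no baseline for this service"
    if check.normalized_match:
        return "same binary and host group as baseline"
    return "differs from baseline: inspect the binary and its arguments"


if __name__ == "__main__":
    for line in (RKILL_LINE, MISMATCH_LINE):
        c = check_rkill_line(line)
        print(f"{c.service}: tool says '{c.tool_flag}', exact={c.exact_match}, "
              f"normalized={c.normalized_match} -> {verdict(c)}")
```

A string-only comparison flags the quoted entry because of the `.exe` and the capitalisation, while the normalised comparison agrees with #17 that it starts the same binary with the same host group; the constructed `-k netsvcs` line is the kind of difference that does deserve a look.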


#18
April 25, 2013 at 02:51:45
I ran the new one on its regular settings and it found zero. I selected the two options and it found 8 suspicious files. I have quarantined them, but not sure what to do with them other than that. Here is the report... any ideas?

16:28:25.0437 3828 Detected object count: 8
16:28:25.0437 3828 Actual detected object count: 8
16:32:49.0390 3828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
16:32:49.0390 3828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0531 3828 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - copied to quarantine
16:32:49.0531 3828 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0593 3828 C:\WINDOWS\system32\DRIVERS\e100b325.sys - copied to quarantine
16:32:49.0593 3828 E100B ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0718 3828 C:\WINDOWS\system32\DRIVERS\ITECIR.sys - copied to quarantine
16:32:49.0718 3828 ITECIR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0890 3828 C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe - copied to quarantine
16:32:49.0890 3828 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0031 3828 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - copied to quarantine
16:32:50.0031 3828 NBService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0109 3828 C:\WINDOWS\system32\DRIVERS\siside.sys - copied to quarantine
16:32:50.0109 3828 SiSide ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0312 3828 C:\WINDOWS\system32\DRIVERS\smserial.sys - copied to quarantine
16:32:50.0312 3828 smserial ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
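
As an added example (not part of the thread or of TDSSKiller), a small parser that reads the report above, pairs each "copied to quarantine" line with the verdict line that follows it, checks the pair count against the declared object count, and sorts the hits into drivers and applications; it also separates `UnsignedFile.*` verdicts, which only record that no valid digital signature was found, from verdicts that name a match. The report text is embedded from post #18; the parser, its regular expressions and field names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Input: the TDSSKiller report posted in #18, embedded verbatim for an offline run.
TDSS_REPORT = r"""
16:28:25.0437 3828 Detected object count: 8
16:28:25.0437 3828 Actual detected object count: 8
16:32:49.0390 3828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
16:32:49.0390 3828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0531 3828 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - copied to quarantine
16:32:49.0531 3828 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0593 3828 C:\WINDOWS\system32\DRIVERS\e100b325.sys - copied to quarantine
16:32:49.0593 3828 E100B ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0718 3828 C:\WINDOWS\system32\DRIVERS\ITECIR.sys - copied to quarantine
16:32:49.0718 3828 ITECIR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0890 3828 C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe - copied to quarantine
16:32:49.0890 3828 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0031 3828 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - copied to quarantine
16:32:50.0031 3828 NBService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0109 3828 C:\WINDOWS\system32\DRIVERS\siside.sys - copied to quarantine
16:32:50.0109 3828 SiSide ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0312 3828 C:\WINDOWS\system32\DRIVERS\smserial.sys - copied to quarantine
16:32:50.0312 3828 smserial ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Every line starts with "<time> <pid>"; the rest is the message we classify.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")
QUARANTINE_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    name: str      # service or driver name as reported
    path: str      # file that was copied to quarantine
    verdict: str   # e.g. UnsignedFile.Multi.Generic
    action: str    # what the user chose

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def is_signature_hit(self) -> bool:
        # UnsignedFile.* only says the optional digital-signature check found no
        # valid signature on the file; it is not a match against a malware signature.
        return not self.verdict.startswith("UnsignedFile.")


def parse_report(text: str) -> Tuple[Optional[int], List[Detection]]:
    """Pair each 'copied to quarantine' line with the verdict line that follows it."""
    declared: Optional[int] = None
    found: List[Detection] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group("n"))
            continue
        q = QUARANTINE_RE.match(msg)
        if q:
            pending_path = q.group("path")
            continue
        a = ACTION_RE.match(msg)
        if a and pending_path is not None:
            found.append(Detection(a.group("name"), pending_path, a.group("verdict"), a.group("action")))
            pending_path = None
    return declared, found


def triage(text: str) -> Dict[str, object]:
    """Summarise a report: completeness, verdict mix, and where the files live."""
    declared, found = parse_report(text)
    return {
        "declared": declared,
        "parsed": len(found),
        "complete": declared == len(found),
        "by_verdict": dict(Counter(d.verdict for d in found)),
        "drivers": sorted(d.name for d in found if d.is_driver),
        "applications": sorted(d.name for d in found if not d.is_driver),
        "signature_hits": [d.name for d in found if d.is_signature_hit],
    }


if __name__ == "__main__":
    for key, value in triage(TDSS_REPORT).items():
        print(f"{key}: {value}")
```

For this report the summary is eight unsigned-file hits and no signature matches: six kernel drivers under system32\DRIVERS (network, infrared, IDE and modem drivers by name) and two application services, which is consistent with quarantining them as a precaution while checking each vendor file rather than treating the list as confirmed malware.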


#19
April 25, 2013 at 04:51:34
I do have a file from the pc company that has the VGA and a few other drivers on it. I decided to try and reload the VGA driver on the computer. However, I am receiving an error that says "Can't find instfunc.exe result file". So the process just hangs and the driver doesn't load. Ideas?

#20
April 25, 2013 at 07:40:08
You did right to quarantine them.

Seems to me you still have something nasty kicking around. It's really a matter of whether that can be cleaned out and what it might have wrecked by being there.

I'm going to ask a colleague if he can pop by and look at this (a MrGoodguy) because I think it needs a lot more delving. He might not be available - we shall see.

Always pop back and let us know the outcome - thanks


#21
April 25, 2013 at 20:41:25
I can't think of anything else to do as long as I can't even update these files. Let me know if your colleague has any ideas. Thanks!

#22
April 26, 2013 at 06:10:52
I did let him know but I guess he is not available right now - keep watching.

Always pop back and let us know the outcome - thanks


#23
April 26, 2013 at 10:37:42
It was probably a waste of time, but I manually ran Windows Malicious SRT in safe mode. It found zero errors. That is two plus hours I would like back. :-/

#24
April 26, 2013 at 12:58:23
I did stumble across this re #19, although I can't vouch for it:
http://www.geeksnerrors.com/instfun...
EDIT: Careful though, I've just seen that the blue link at the top is just a download for their pet speedup program. As the file is a display driver, maybe updating that would be a safer option.

I was also pondering about your slow speed after second boot - sometimes slowness can be a sign of the HD nearing the end of its life.

Always pop back and let us know the outcome - thanks


#25
April 26, 2013 at 17:11:27
I actually came across a bunch of sites for this same program. I think they actually used to let you do 10 fixes at a time for free a few years back. Now it is pay upfront. I tried to find the driver from SIS.com, but they don't list "Mirage 3" as an option.

No idea on the HD, but unless the drive was not installed new I know the computer owners don't use the laptop very much... of course I rarely turn my computer off so that is compared to me.


#26
April 27, 2013 at 19:19:04
I know you have already run ComboFix; could you uninstall it, download the latest version & run it again please.

Uninstall ComboFix. The reason we remove ComboFix is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button).
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.

Please Copy and Paste instructions into a text file, print/write down steps & info. You will need them, as they are hard to remember, for when you are offline.

Run ComboFix & post the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...

A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...

Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"

Run Defogger
http://majorgeeks.com/Defogger_d708...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, ComboFix is still working.

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...

We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#27
April 28, 2013 at 02:43:04
First off, I didn't realize that Defogger should have been run first. So this report is without Defogger having been run on the system. Should I redo? Here is the report:

.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-29 121089]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 802304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-12-16 125952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Indy\Start Menu\Programs\Startup\
spotflux.lnk - c:\program files\spotflux\spotflux.exe [2013-4-17 469848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/22/2012 5:20 PM 108448]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2/24/2013 7:12 AM 125952]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/22/2012 1:46 AM 144472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2/13/2013 3:38 PM 340096]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\drivers\tapSF0901.sys [3/7/2013 12:21 PM 33160]
S0 SMBALI;SMBALI;c:\windows\system32\drivers\smbali.sys [4/22/2013 5:00 AM 5888]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 7:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2012 1:46 AM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
S3 KNZECTIJ;KNZECTIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SKYPEUPDATE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 11:18 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 19:58]
.
2013-04-28 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\User_Feed_Synchronization-{0C0894DE-5483-43D7-9FB3-EA9A58CD62E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.myplaycity.com/
mWindow Title = Microsoft Internet Explorer
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {EB75A3EF-AF6A-4032-B840-D057A8442A0F} - hxxp://disk.vn/webhard/diskvn.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-28 16:37
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(524)
c:\windows\system32\cmdcsr.dll
.
- - - - - - - > 'csrss.exe'(2736)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-04-28 16:40:23
ComboFix-quarantined-files.txt 2013-04-28 09:40
ComboFix2.txt 2013-04-19 16:36
.
Pre-Run: 142,310,260,736 bytes free
Post-Run: 142,469,632,000 bytes free
.
- - End Of File - - 6B5DF1413BCDD5AEC798D9234CB94ECB


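The services/drivers block of the log above (the R1/S0/S3 lines) is what a helper reads first. As an added example, not code from this thread or from ComboFix, the following Python script parses that block's line format and flags the entries worth checking: a binary ComboFix could not find (the "[?]" suffix), a binary under a Temp folder, and a binary under a user profile rather than a system directory. The sample lines are constructed to mirror the ones quoted above; the START_TYPES mapping of the R/S prefix and start-type digit is my reading of the ComboFix convention, not something stated in the thread.

```python
"""Triage helper for the services/drivers section of a ComboFix log.

Added example for this thread; not part of ComboFix. It parses lines of the form

    R3 JMCR;JMCR;c:\\windows\\system32\\drivers\\jmcr.sys [12/22/2012 1:46 AM 144472]
    S0 SMBHC;SMBHC;c:\\...\\SMBHC.sys --> c:\\...\\SMBHC.sys [?]

and ranks the entries a reviewer would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the same shape as the lines quoted in the thread.
SAMPLE_LOG = r"""
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/22/2012 1:46 AM 144472]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S3 KNZECTIJ;KNZECTIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe [?]
"""

# state: R = running, S = stopped; start digit: service start type (assumed ComboFix convention)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?: --> (?P<resolved>.*?))? \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Service:
    state: str
    start: str
    name: str
    display: str
    path: str
    missing: bool                      # True when ComboFix printed "[?]" instead of date/size
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[Service]:
    """Return a Service for one R/S line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return Service(
        state=m.group("state"),
        start=m.group("start"),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        missing=m.group("info") == "?",
    )


def parse_log(text: str) -> List[Service]:
    """Collect every service/driver entry from a pasted log."""
    entries = (parse_service_line(line) for line in text.splitlines())
    return [s for s in entries if s is not None]


def triage(svc: Service) -> List[str]:
    """Heuristic flags a reviewer applies to each entry; an empty list means nothing odd."""
    flags = []
    if svc.missing:
        flags.append("binary not found on disk")
    if re.search(r"\\temp\\", svc.path, re.I):
        flags.append("binary in a Temp folder")
    if re.search(r"\\(docume~1|documents and settings|users)\\", svc.path, re.I):
        flags.append("binary under a user profile")
    return flags


def review(text: str) -> List[Service]:
    """Flagged entries only, most suspicious first (most flags, then name)."""
    flagged = []
    for svc in parse_log(text):
        svc.flags = triage(svc)
        if svc.flags:
            flagged.append(svc)
    return sorted(flagged, key=lambda s: (-len(s.flags), s.name))


if __name__ == "__main__":
    for svc in review(SAMPLE_LOG):
        start = START_TYPES.get(svc.start, "unknown")
        print(f"{svc.name} ({svc.state}, start={start}): {svc.path}")
        for flag in svc.flags:
            print(f"    - {flag}")
```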

#28
April 28, 2013 at 03:02:32
The computer continues to hang on boot up as it has been doing. It eventually starts after 3 minutes or so.


#29
April 28, 2013 at 03:53:56
Thanks Bangkokindy, give me a little time to go through the log.

I am here, where are you please.
http://www.timeanddate.com/worldclo...

"The computer continues to hang on boot up as it has been doing. It eventually starts after 3 minutes or so"

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.

If any program won't run ( due to the infection ) let me know.

Copy and Paste the contents of the log/logs after running each program.



#30
April 28, 2013 at 04:01:47
"First off, I didn't realize that defogger should have been run first. So this report is without defogger having been run on the system. Should I redo?"

Let's do it this way; we can always rerun Defogger/Combofix later.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it doesn't produce a log please.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.



#31
April 28, 2013 at 04:21:45
Sorry, did not think you were there. I went ahead and re-ran the defogger/combofix. Before I did that though, the girl who owns the computer wanted a program called "live" downloaded. I said okay and did that and did not get any warnings of problems from comodo. I also went through the installed programs list and looked for anything that was not represented in the programs list on the start menu. I deleted all of those programs from the system that did not match up. The computer hung when I tried uninstalling "foxit". I assume it is uninstalled as it is no longer in the add/remove prg list. So, then I re-ran defogger/combofix just now. I followed all the directions to the letter. Apparently, "live" is not a good program as combo fix deleted everything about it in this latest run. Is it the program or did it get infected as a result of downloading to the infected computer? I will need to tell her the program is no good and not to download if it is a problem program. I will do the other steps later tonight. She needs to use the computer now. Okay here is the latest combofix:




#32
April 28, 2013 at 04:26:04
ComboFix 13-04-27.04 - JamSang 04/28/2013 17:58:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.765.181 [GMT 7:00]
Running from: c:\documents and settings\JamSang\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Naver
c:\program files\Naver\LINE\amp-dll.dll
c:\program files\Naver\LINE\CommLib.dll
c:\program files\Naver\LINE\CommModule.dll
c:\program files\Naver\LINE\DataModule.dll
c:\program files\Naver\LINE\dbghelp.dll
c:\program files\Naver\LINE\Line.exe
c:\program files\Naver\LINE\LineAppMgr.exe
c:\program files\Naver\LINE\LineUnInst.exe
c:\program files\Naver\LINE\LineUpgrader.exe
c:\program files\Naver\LINE\MediaInfo.dll
c:\program files\Naver\LINE\Microsoft.VC90.CRT.manifest
c:\program files\Naver\LINE\msvcp90.dll
c:\program files\Naver\LINE\msvcr90.dll
c:\program files\Naver\LINE\NELO.dll
c:\program files\Naver\LINE\NELO_CrashReporter.exe
c:\program files\Naver\LINE\README.license
c:\program files\Naver\LINE\res\locale\en-US\strings.xml
c:\program files\Naver\LINE\res\locale\es\strings.xml
c:\program files\Naver\LINE\res\locale\ja-JP\strings.xml
c:\program files\Naver\LINE\res\locale\ko-KR\strings.xml
c:\program files\Naver\LINE\res\locale\zh-CN\strings.xml
c:\program files\Naver\LINE\res\locale\zh-TW\strings.xml
c:\program files\Naver\LINE\res\skin\basic\about.nxul
c:\program files\Naver\LINE\res\skin\basic\buddyInfo.nxul
c:\program files\Naver\LINE\res\skin\basic\chatMember.nxul
c:\program files\Naver\LINE\res\skin\basic\chatRoom.nxul
c:\program files\Naver\LINE\res\skin\basic\css\buddyInfo.css
c:\program files\Naver\LINE\res\skin\basic\css\chatMember.css
c:\program files\Naver\LINE\res\skin\basic\css\chatRoom.css
c:\program files\Naver\LINE\res\skin\basic\css\chatRoomMessage.css
c:\program files\Naver\LINE\res\skin\basic\css\common.css
c:\program files\Naver\LINE\res\skin\basic\css\emoji.css
c:\program files\Naver\LINE\res\skin\basic\css\emojiIcon.css
c:\program files\Naver\LINE\res\skin\basic\css\emojiLetter.css
c:\program files\Naver\LINE\res\skin\basic\css\groupMake.css
c:\program files\Naver\LINE\res\skin\basic\css\groupModify.css
c:\program files\Naver\LINE\res\skin\basic\css\invite.css
c:\program files\Naver\LINE\res\skin\basic\css\likeSelect.css
c:\program files\Naver\LINE\res\skin\basic\css\login.css
c:\program files\Naver\LINE\res\skin\basic\css\loginHelp.css
c:\program files\Naver\LINE\res\skin\basic\css\loginSecurity.css
c:\program files\Naver\LINE\res\skin\basic\css\makeGroup.css
c:\program files\Naver\LINE\res\skin\basic\css\myInfo.css
c:\program files\Naver\LINE\res\skin\basic\css\needQRCodeLogin.css
c:\program files\Naver\LINE\res\skin\basic\css\setting.css
c:\program files\Naver\LINE\res\skin\basic\css\settingContents.css
c:\program files\Naver\LINE\res\skin\basic\css\snsPanel.css
c:\program files\Naver\LINE\res\skin\basic\css\snsWindow.css
c:\program files\Naver\LINE\res\skin\basic\css\sticker.css
c:\program files\Naver\LINE\res\skin\basic\css\talk.css
c:\program files\Naver\LINE\res\skin\basic\css\talkAddBuddy.css
c:\program files\Naver\LINE\res\skin\basic\css\talkBuddyList.css
c:\program files\Naver\LINE\res\skin\basic\css\talkChatList.css
c:\program files\Naver\LINE\res\skin\basic\css\toast.css
c:\program files\Naver\LINE\res\skin\basic\css\voip.css
c:\program files\Naver\LINE\res\skin\basic\emoji.nxul
c:\program files\Naver\LINE\res\skin\basic\emojiIcon.nxul
c:\program files\Naver\LINE\res\skin\basic\emojiLetter.nxul
c:\program files\Naver\LINE\res\skin\basic\groupMake.nxul
c:\program files\Naver\LINE\res\skin\basic\groupModify.nxul
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_audio.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_btn_box.png


#33
April 28, 2013 at 04:26:59
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_image_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_call.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_date_bubble.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_img_err.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_layer.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_menu_line.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_more.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_light_green.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_image_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_new_buddy.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_sep.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_splitter.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_top.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_m.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_line.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_addblock.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_arrow_down.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_canel.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_chat_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_del.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_emoji.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_file.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_menu.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_min.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_room_name.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style1.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3_x.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3_xx.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\flag.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_alarm_off.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_error_sticker.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_fail.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_file.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_person.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\icon_voip.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\icon_voip_disable.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\loading.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\loading_small.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_m.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\slider_bar.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\slider_thumb.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\thumnail_box.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bar_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bar_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bg_dlg_title.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_btm_l.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_btm_r.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_line.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_close_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_close_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_system.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type2.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type3.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_update.png
c:\program files\Naver\LINE\res\skin\basic\images\common\check_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\checkbox_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_close.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_dot01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_return.png
c:\program files\Naver\LINE\res\skin\basic\images\common\icon_clear.png
c:\program files\Naver\LINE\res\skin\basic\images\common\input_box.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_all.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_click.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_over.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_search_1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\Line.ico
c:\program files\Naver\LINE\res\skin\basic\images\common\line_about.png
c:\program files\Naver\LINE\res\skin\basic\images\common\line_about_btn.png
c:\program files\Naver\LINE\res\skin\basic\images\common\loading.png
c:\program files\Naver\LINE\res\skin\basic\images\common\profile_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\common\spin_down.png
c:\program files\Naver\LINE\res\skin\basic\images\common\spin_up.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_03.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_04.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_05.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\bg_tab.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_icon_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_index.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_latest.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_left.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_letter.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_right.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow1.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow2.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_bottom.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_select.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_top_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_emoticon.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_kaomoji.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_sticker.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\stiker_btn_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\group\bg_add_profile_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\group\bg_teamlayer_top_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_plus_02.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_radio_off_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_radio_on_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_cancel_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_invite_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_make_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_member_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_no_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_save_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_talk_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_write_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_yes_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\check_style1.png
c:\program files\Naver\LINE\res\skin\basic\images\group\check_style3.png
c:\program files\Naver\LINE\res\skin\basic\images\group\group_edit_select.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_min.png


#34
April 28, 2013 at 04:27:32
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_qrcode_refresh.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\03_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\04_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\03_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\04_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\es\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_q.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_step01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_step02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\03_jp_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\04_jp_setting.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\05_app_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\06_app_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\07_wap_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\08_wap_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\03_naver.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\04_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\05_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_international.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\line_logo.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bg1.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bg2.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_btm.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bullet.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bullet2.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_line.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\num_box_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\login\popup_img_qrsorry.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\03_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\04_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-CN\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\03_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\04_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\zh-TW\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_m.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_check.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_middle_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_middle_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_m.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_uncheck.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_big.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_group.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_group_big.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_makegroup.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default_group.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default_makegroup.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_btm.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_line.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_top.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_topleft.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_topright.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\btn_block_user.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\btn_select.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\ico_arrow.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\layer_btn_close_all.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\tab_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_badge.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_subpanel.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_tab.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_top.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_add_friend.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_chat.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_list_option.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_menu.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_min.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_top_friendtalk_01.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\check_addbuddy.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\check_group_show.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\group_member_count_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab01.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab02.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab03.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab04.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\icon_search.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_1.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_2.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_3.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\input_cursor.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\list_tab_bar.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_l.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_m.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_r.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\status_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_end_comment_more.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_icon_comment.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_icon_comment_on.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_icon_like.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_icon_like_on.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_icon_more_normal.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1001.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1002.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1003.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1004.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1005.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_1006.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_b_1.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_b_2.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_b_3.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_t_1.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_t_2.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\tm_like_layer_t_3.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\write_01_map_icon_selected.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\write_01_vod_icon_normal.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\write_pic.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\write_stamp.png
c:\program files\Naver\LINE\res\skin\basic\images\tm\write_vod.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_close.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_new.ico
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_offline.ico
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_online.ico
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic_dim.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_dim.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_gray.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_green.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_btn.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_110.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_bg.png
c:\program files\Naver\LINE\res\skin\basic\invite.nxul
c:\program files\Naver\LINE\res\skin\basic\likeSelect.nxul
c:\program files\Naver\LINE\res\skin\basic\login.nxul
c:\program files\Naver\LINE\res\skin\basic\loginHelp.nxul
c:\program files\Naver\LINE\res\skin\basic\loginKickout.nxul
c:\program files\Naver\LINE\res\skin\basic\loginSecurity.nxul
c:\program files\Naver\LINE\res\skin\basic\macUpgradeNotice.nxul
c:\program files\Naver\LINE\res\skin\basic\myInfo.nxul
c:\program files\Naver\LINE\res\skin\basic\needQRCodeLogin.nxul
c:\program files\Naver\LINE\res\skin\basic\notice.nxul
c:\program files\Naver\LINE\res\skin\basic\picturePopup.nxul
c:\program files\Naver\LINE\res\skin\basic\QRCodeHelp.nxul
c:\program files\Naver\LINE\res\skin\basic\setting.nxul
c:\program files\Naver\LINE\res\skin\basic\settingAlarm.nxul
c:\program files\Naver\LINE\res\skin\basic\settingBasic.nxul
c:\program files\Naver\LINE\res\skin\basic\settingContact.nxul
c:\program files\Naver\LINE\res\skin\basic\settingProfile.nxul
c:\program files\Naver\LINE\res\skin\basic\settingTalk.nxul
c:\program files\Naver\LINE\res\skin\basic\skinMsgBox.nxul
c:\program files\Naver\LINE\res\skin\basic\snsPanel.nxul
c:\program files\Naver\LINE\res\skin\basic\snsWindow.nxul
c:\program files\Naver\LINE\res\skin\basic\sticker.nxul
c:\program files\Naver\LINE\res\skin\basic\talk.nxul


#35
April 28, 2013 at 04:28:06
c:\program files\Naver\LINE\res\skin\basic\talkAddBuddy.nxul
c:\program files\Naver\LINE\res\skin\basic\talkBuddyList.nxul
c:\program files\Naver\LINE\res\skin\basic\talkChatList.nxul
c:\program files\Naver\LINE\res\skin\basic\test.nxul
c:\program files\Naver\LINE\res\skin\basic\toast.nxul
c:\program files\Naver\LINE\res\skin\basic\uploadPicture.nxul
c:\program files\Naver\LINE\res\skin\basic\voip.nxul
c:\program files\Naver\LINE\res\skin\basic\windowPositionHelperTester.nxul
c:\program files\Naver\LINE\res\skin\emoji\emoji_facemark.csv
c:\program files\Naver\LINE\res\skin\emoji\emoji_icon.csv
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_001.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_002.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_003.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_004.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_005.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_006.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_007.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_008.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_009.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0120.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0121.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0122.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0123.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0124.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0125.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0126.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0127.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0128.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0129.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0130.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0131.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0132.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0133.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0134.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0135.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0136.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0137.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0138.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_0139.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_16.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_17.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_18.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_19.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_20.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_21.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_16.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_17.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_18.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_19.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_20.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_21.png


#36
April 28, 2013 at 04:28:59
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_16.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_17.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_18.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_19.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_20.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_21.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_16.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_1.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_2.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_3.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_4.png
c:\program files\Naver\LINE\res\skin\sticker\tab\tab00_off.png
c:\program files\Naver\LINE\res\skin\sticker\tab\tab00_on.png
c:\program files\Naver\LINE\res\sounds\Bell.wav
c:\program files\Naver\LINE\res\sounds\VoipEnd.wav
c:\program files\Naver\LINE\res\sounds\VoipRing.wav
c:\program files\Naver\LINE\res\sounds\VoipRingback.wav
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 09:56 . 2013-04-28 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\4shared Desktop
2013-04-28 09:56 . 2013-04-28 09:56 -------- d-----w- c:\program files\4shared Desktop
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\program files\Common Files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----r- c:\program files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2013-04-28 09:00 . 2013-04-28 09:00 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-28 08:59 . 2006-11-29 06:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-04-28 08:59 . 2013-04-28 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-28 08:58 . 2013-04-28 08:58 -------- d-----w- c:\program files\Microsoft
2013-04-28 08:57 . 2010-04-16 12:16 4927864 ----a-w- c:\program files\Common Files\Windows Live\.cache\65c82fbe1ce43ee\Silverlight.2.0.exe
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Caphyon
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-27 18:41 . 2013-04-27 18:41 -------- d-----w- c:\program files\spotflux
2013-04-25 09:47 . 2013-04-25 09:47 -------- d-----w- c:\windows\Sun
2013-04-25 09:13 . 2013-04-25 09:32 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-24 19:43 . 2013-04-24 19:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\program files\SRWare Iron
2013-04-24 18:17 . 2013-04-28 10:50 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-24 18:15 . 2013-04-24 18:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-24 18:14 . 2013-04-24 18:14 -------- d-----w- C:\RegBackup
2013-04-24 18:12 . 2013-04-24 18:12 -------- d-----w- c:\program files\Tweaking.com
2013-04-24 14:43 . 2013-04-24 14:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-04-24 14:32 . 2013-04-24 14:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-04-23 12:06 . 2013-04-23 12:07 -------- d-----w- c:\program files\Magical Jelly Bean
2013-04-23 10:05 . 2013-04-24 17:06 -------- d-----w- c:\windows\I386
2013-04-23 03:43 . 2001-08-16 23:53 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2013-04-23 03:42 . 2008-04-13 15:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys
2013-04-23 03:42 . 2001-08-16 22:20 297728 ----a-w- c:\windows\system32\dllcache\ac97sis.sys
2013-04-23 03:42 . 2001-08-16 22:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-04-23 03:42 . 2008-04-13 15:06 231552 ----a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-04-23 03:42 . 2001-08-16 23:52 23552 ----a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-04-23 03:42 . 2001-08-17 08:36 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
2013-04-23 03:42 . 2001-08-17 08:36 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-04-23 03:42 . 2001-08-17 00:55 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2013-04-23 03:42 . 2008-04-13 17:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2013-04-23 03:42 . 2008-04-13 17:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-04-23 03:42 . 2001-08-17 00:55 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-04-23 03:42 . 2001-08-16 22:48 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-04-23 03:39 . 2008-04-13 17:16 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2013-04-23 03:39 . 2001-08-17 00:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-04-23 03:39 . 2001-08-23 00:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-04-23 03:39 . 2001-08-17 00:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-04-23 03:39 . 2001-08-23 00:00 17408 ----a-w- c:\windows\system32\dllcache\nwapi16.dll
2013-04-23 03:39 . 2001-08-23 00:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-04-23 03:39 . 2001-08-23 00:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-04-23 03:39 . 2001-08-23 00:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-04-23 03:39 . 2001-08-23 00:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-04-23 03:39 . 2001-08-23 00:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-04-23 03:39 . 2001-08-23 00:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-04-23 03:24 . 2013-04-23 03:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2013-04-22 15:07 . 2013-04-27 21:22 -------- d-----w- c:\documents and settings\Indy
2013-04-22 14:04 . 2013-04-28 10:28 -------- d-----w- c:\documents and settings\Meow
2013-04-22 11:06 . 2013-04-22 11:18 -------- d-----w- c:\program files\Google
2013-04-22 10:45 . 2013-04-28 10:49 -------- d-----w- c:\documents and settings\JamSang
2013-04-21 22:03 . 2008-04-13 22:42 64000 ----a-w- c:\windows\system32\dllcache\nwapi32.dll
2013-04-21 22:03 . 2008-04-13 22:41 68608 ----a-w- c:\windows\system32\dllcache\isatq.dll
2013-04-21 22:03 . 2008-04-13 22:41 13312 ----a-w- c:\windows\system32\dllcache\infoadmn.dll
2013-04-21 22:03 . 2008-04-13 22:41 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2013-04-21 22:03 . 2008-04-13 22:41 64512 ----a-w- c:\windows\system32\dllcache\iismap.dll
2013-04-21 22:03 . 2008-04-13 22:42 30720 ----a-w- c:\windows\system32\dllcache\iisrstas.exe
2013-04-21 22:03 . 2008-04-13 22:41 133632 ----a-w- c:\windows\system32\dllcache\iisrtl.dll
2013-04-21 22:03 . 2008-04-13 22:41 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2013-04-21 22:03 . 2008-04-13 22:42 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2013-04-21 21:59 . 2013-04-21 21:59 -------- d-----w- c:\windows\EHome
2013-04-21 21:10 . 2013-04-21 21:10 -------- d-----w- c:\program files\Common Files\Java
2013-04-21 21:07 . 2013-04-21 21:07 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-21 21:07 . 2013-04-21 21:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-21 21:07 . 2013-04-21 21:07 -------- d-----w- c:\program files\Java
2013-04-21 19:08 . 2012-06-02 08:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-04-21 18:12 . 2013-04-21 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2013-04-21 17:19 . 2013-04-21 17:19 -------- d-----w- c:\windows\ie8updates
2013-04-21 17:09 . 2013-04-21 17:09 -------- d-----w- c:\program files\MSECache
2013-04-21 16:31 . 2013-04-21 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- c:\program files\Reference Assemblies
2013-04-21 16:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- C:\3012f4420958b0b678
2013-04-21 16:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-04-21 15:52 . 2013-03-02 02:06 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-21 15:52 . 2013-03-02 02:06 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-21 15:50 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-04-21 14:47 . 2013-04-22 14:48 -------- d--h--w- c:\windows\$hf_mig$
2013-04-21 14:41 . 2012-06-02 08:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\dllcache\bthpan.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\dllcache\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\dllcache\bthenum.sys
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\irmon.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2013-04-19 22:00 . 2013-04-19 22:00 5073136 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
2013-04-19 22:00 . 2013-04-19 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Baidu Security
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\program files\Baidu Security
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\searchplugins
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\Extensions
2013-04-19 20:09 . 2013-04-19 20:09 -------- d-----w- c:\program files\Common Files\InstallShield
2013-04-19 19:13 . 2013-04-19 19:18 2126 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-04-19 19:13 . 2013-04-19 19:13 -------- d-----w- C:\VTRoot
2013-04-18 15:24 . 2013-04-28 10:39 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-18 15:22 . 2013-04-18 15:22 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-04-18 15:21 . 2013-04-18 15:21 -------- d-----w- c:\program files\COMODO
2013-04-18 15:21 . 2013-04-18 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-04-18 15:20 . 2013-04-18 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 14:16 . 2013-04-04 07:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-15 11:39 . 2013-04-18 17:02 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
.


#37
April 28, 2013 at 04:31:22
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 19:58 . 2011-03-31 16:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2008-04-14 05:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 05:21 . 2013-03-07 05:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-03-07 01:32 . 2008-04-14 00:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-13 17:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2008-04-14 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:06 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:25 . 2008-04-14 01:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2009-11-16 10:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 00:26 12928 ------w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-29 121089]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 802304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-12-16 125952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Indy\Start Menu\Programs\Startup\
spotflux.lnk - c:\program files\spotflux\spotflux.exe [2013-4-17 469848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/22/2012 5:20 PM 108448]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2/24/2013 7:12 AM 125952]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/22/2012 1:46 AM 144472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2/13/2013 3:38 PM 340096]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\drivers\tapSF0901.sys [3/7/2013 12:21 PM 33160]
S0 SMBALI;SMBALI;c:\windows\system32\drivers\smbali.sys [4/22/2013 5:00 AM 5888]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 7:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2012 1:46 AM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
S3 KNZECTIJ;KNZECTIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 11:18 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 19:58]
.
2013-04-28 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\User_Feed_Synchronization-{0C0894DE-5483-43D7-9FB3-EA9A58CD62E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.myplaycity.com/
mWindow Title = Microsoft Internet Explorer
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {EB75A3EF-AF6A-4032-B840-D057A8442A0F} - hxxp://disk.vn/webhard/diskvn.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LINE - c:\program files\Naver\LINE\LineUnInst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-28 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(516)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-04-28 18:14:37
ComboFix-quarantined-files.txt 2013-04-28 11:14
ComboFix2.txt 2013-04-28 09:40
.
Pre-Run: 142,458,187,776 bytes free
Post-Run: 142,464,835,584 bytes free
.
- - End Of File - - CC2C764585B2546896AD09391E93D1EE


#38
April 28, 2013 at 04:32:47
And sorry, it was LINE, not LIVE. Thanks for your help. I will continue the process of virus hunting later this evening (Thailand time). Dale


#39
April 28, 2013 at 04:42:11
"I will continue the process of virus hunting later this evening (Thailand time)"

Ok Dale, I shall make sure I don't go to bed too early.
http://www.timeanddate.com/worldclo...



#40
April 28, 2013 at 04:44:29
"I went ahead and re-ran the defogger/combofix"
Just as well you did, I would never have known what was going on.


#41
April 28, 2013 at 05:12:26
Googling LINE reveals the program is OK.
Best she doesn't install any new programs, other than what I ask you to run.

I can only guess it was from a bad source.

When we get all the problems sorted out, here are safe links to download LINE.
http://www.softpedia.com/get/Mobile...
http://www.softpedia.com/progScreen...
http://line.naver.jp/en/



#42
April 28, 2013 at 06:46:38
Well, bad news. I just ran ESET on my computer and it discovered the same malware, called Win32/OpenCandy. I did not share any files between computers nor download any of the same programs she has on hers. I did, however, have an open network connection and I had a shared folder there. I did establish a connection once between the computers, which required my password for my computer. Was that all it took? I am getting ready to run the defogger/combofix on my Toshiba (hers is svoa for ease of typing).


#43
April 28, 2013 at 07:01:04
The goal of trying to fix a computer is to keep it simple, one small step at a time.

I can only visualize her computer in my head; trying to keep your details is way too complicated.

"This computer is a friend's and it appears to have been configured in vietnam"
Where is that comp?
In your possession or elsewhere.



#44
April 28, 2013 at 07:04:29
Her computer, henceforth to be called svoa, is in the other room being used... I should have access to it in an hour or two. My computer is what I am using now, which I will now call the Toshiba. I'm getting tired of virus hunting :)


#45
April 28, 2013 at 07:14:47
Eset found on Toshiba...
C:\Users\Indy\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\VTRoot\HarddiskVolume2\Users\Indy\AppData\Local\Temp\is-EE7GI.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

I did download KeyFinder, but I thought that was from BleepingComputer. So this could be unrelated to the computers being networked and just the result of downloading KeyFinder...?? I have defogger/combofix ready to go.



#46
April 28, 2013 at 07:20:26
Start a new thread for the Toshiba, otherwise this will end up an impossible mess.

http://www.computing.net/forum/secu...



#47
April 28, 2013 at 07:32:37
Toshiba combofix report:

ComboFix 13-04-27.04 - Indy 04/28/2013 21:22:09.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1779 [GMT 7:00]
Running from: c:\users\Indy\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Indy\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 14:28 . 2013-04-28 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 18:32 . 2013-04-27 18:32 -------- d-----w- c:\users\Indy\AppData\Local\SWTORPerf
2013-04-27 17:54 . 2008-05-30 07:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2013-04-27 17:53 . 2013-04-27 17:53 -------- d-----w- c:\program files\Common Files\BioWare
2013-04-27 17:53 . 2013-04-27 17:53 -------- d-----w- c:\program files\Electronic Arts
2013-04-27 17:53 . 2013-04-27 17:53 -------- d-----w- c:\users\hedev
2013-04-27 17:27 . 2013-04-28 14:28 -------- d-----w- c:\users\Indy\AppData\Local\PMB Files
2013-04-27 17:27 . 2013-04-27 17:28 -------- d-----w- c:\programdata\PMB Files
2013-04-27 17:26 . 2013-04-27 17:26 -------- d-----w- c:\program files\Pando Networks
2013-04-27 17:04 . 2013-04-27 17:04 -------- d-----w- c:\program files\Common Files\Java
2013-04-27 17:04 . 2013-04-27 17:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-27 17:04 . 2013-04-27 17:04 -------- d-----w- c:\program files\Java
2013-04-27 16:35 . 2013-04-27 16:35 -------- d-----w- c:\users\Indy\.swt
2013-04-27 16:35 . 2013-04-27 16:35 -------- d-----w- c:\programdata\Caphyon
2013-04-27 16:35 . 2013-04-27 16:35 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-27 16:34 . 2013-04-27 16:34 -------- d-----w- c:\program files\spotflux
2013-04-27 16:33 . 2013-04-28 12:23 -------- d-----w- c:\users\Indy\AppData\Roaming\.spotflux
2013-04-27 16:33 . 2013-04-27 16:33 -------- d-----w- c:\users\Indy\AppData\Roaming\Spotflux
2013-04-27 16:26 . 2013-04-27 16:39 -------- d-----w- c:\programdata\HappyCloud
2013-04-26 13:40 . 2013-04-26 13:40 -------- d-----w- C:\VTRoot
2013-04-26 13:40 . 2013-04-27 15:05 12282 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-04-26 03:08 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2013-04-26 03:08 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2013-04-26 03:08 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2013-04-26 03:08 . 2013-04-26 03:08 -------- d-----w- c:\program files\Xvid
2013-04-25 14:39 . 2013-04-25 14:39 -------- d-----w- c:\program files\ESET
2013-04-25 09:02 . 2013-04-25 09:02 -------- d-----w- c:\program files\Common Files\Skype
2013-04-25 04:57 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-25 00:39 . 2013-04-25 00:39 -------- d-----w- c:\programdata\TechSmith
2013-04-24 12:16 . 2013-04-24 12:16 -------- d-----w- c:\programdata\Shared Space
2013-04-24 08:41 . 2013-04-24 08:42 -------- d-----w- c:\programdata\Comodo
2013-04-24 08:41 . 2013-04-24 08:41 -------- d-----w- c:\programdata\Comodo Downloader
2013-04-24 08:40 . 2013-04-24 08:40 -------- d-----w- c:\program files\COMODO
2013-04-21 08:05 . 2013-04-21 08:05 -------- d-----w- c:\program files\MSECache
2013-04-17 12:23 . 2013-04-17 12:23 -------- d-----w- c:\users\Indy\AppData\Local\Opera
2013-04-17 12:22 . 2013-04-17 12:23 -------- d-----w- c:\program files\Opera
2013-04-16 03:53 . 2013-04-16 03:54 -------- d-----w- c:\windows\system32\Adobe
2013-04-12 13:29 . 2013-04-12 17:03 -------- d-----w- c:\users\Indy\AppData\Roaming\Audacity
2013-04-12 13:29 . 2013-04-12 13:29 -------- d-----w- c:\program files\Audacity
2013-04-10 08:19 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:19 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 08:19 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 08:19 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 08:19 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 08:19 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 08:15 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 08:15 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 08:15 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-08 10:19 . 2013-04-08 12:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-04-04 11:31 . 2013-04-04 11:31 -------- d-----w- c:\users\Indy\AppData\Roaming\Barnes & Noble
2013-04-04 11:31 . 2013-04-04 11:31 -------- d-----w- c:\program files\Barnes & Noble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 17:04 . 2013-02-25 06:47 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-27 17:04 . 2013-02-25 06:47 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 17:02 . 2013-01-16 12:51 84928 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-15 17:38 . 2013-01-16 12:51 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 17:38 . 2013-01-16 12:51 581912 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 17:38 . 2013-01-16 12:51 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 17:38 . 2013-01-24 15:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38 . 2013-01-24 15:43 348584 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 17:38 . 2013-01-24 15:42 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-15 17:38 . 2013-01-24 15:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-04 07:50 . 2013-02-23 08:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 03:14 . 2013-03-13 03:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB52173F-C9FF-474C-878D-C94B666C8217}\offreg.dll
2013-03-08 14:00 . 2013-03-08 13:57 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 14:00 . 2013-03-08 13:57 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-07 05:21 . 2013-03-07 05:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-02-14 19:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-02-14 17:43 . 2013-02-14 17:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-14 17:43 . 2013-02-14 17:43 161792 ----a-w- c:\windows\system32\msls31.dll
2013-02-14 17:43 . 2013-02-14 17:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-14 17:43 . 2013-02-14 17:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-14 17:43 . 2013-02-14 17:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-02-14 17:43 . 2013-02-14 17:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-02-14 17:43 . 2013-02-14 17:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-14 17:43 . 2013-02-14 17:43 367104 ----a-w- c:\windows\system32\html.iec
2013-02-14 17:43 . 2013-02-14 17:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-02-14 17:43 . 2013-02-14 17:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-14 17:43 . 2013-02-14 17:43 152064 ----a-w- c:\windows\system32\wextract.exe
2013-02-14 17:43 . 2013-02-14 17:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-02-14 17:43 . 2013-02-14 17:43 11776 ----a-w- c:\windows\system32\mshta.exe
2013-02-14 17:43 . 2013-02-14 17:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-14 17:43 . 2013-02-14 17:43 101888 ----a-w- c:\windows\system32\admparse.dll
2013-02-14 16:50 . 2013-02-14 16:50 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2013-02-12 04:48 . 2013-03-13 02:20 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-22 06:40 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 00:45 . 2013-03-13 02:18 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB52173F-C9FF-474C-878D-C94B666C8217}\mpengine.dll
2013-04-12 09:07 . 2013-04-12 09:07 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-04-27 4284976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-08-12 00:09 1324384 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-04 01:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
2009-08-07 01:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 14:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
TCP: Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-04-27 23:20; {9EB34849-81D3-4841-939D-666D522B889A}; c:\users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(7960)
c:\windows\system32\guard32.dll
.
Completion time: 2013-04-28 21:31:00
ComboFix-quarantined-files.txt 2013-04-28 14:31
.
Pre-Run: 265,746,743,296 bytes free
Post-Run: 265,774,809,088 bytes free
.
- - End Of File - - D670BE0E0BAC85FFEF9FAD5DA4297B2E



#48
April 28, 2013 at 07:43:57
Oops! Too late. I'll open one now.


#49
April 28, 2013 at 08:26:00
I ran unhide and rebooted. The text file is on the desktop. I downloaded and ran RogueKiller and here is the report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JamSang [Admin rights]
Mode : Remove -- Date : 04/28/2013 22:24:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 0e5a150bcd3e5279cf69e919c0968348
[BSP] eed3b1b3e8bee6eecbe09b28dc4e4d31 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156249 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 319998736 | Size: 148993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04282013_02d2224.txt >>
RKreport[1]_S_04282013_02d2223.txt ; RKreport[2]_D_04282013_02d2224.txt


#50
April 28, 2013 at 08:38:07
Good news! The computer restarted without the delay. I tried it twice.

#51
April 28, 2013 at 08:44:44
"I ran unhide and rebooted. The text file is on the desktop"
Details please.

#52
April 28, 2013 at 08:47:24
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 04/28/2013 10:03:57 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 59616 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 1171 files processed.

The C:\DOCUME~1\JamSang\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 04/28/2013 10:04:15 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


#53
April 28, 2013 at 19:01:41
Re-running the scans. I re-downloaded combofix. Here is the defogger/combofix report:

ComboFix 13-04-28.01 - JamSang 04/29/2013 8:48.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.765.210 [GMT 7:00]
Running from: c:\documents and settings\JamSang\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))))))
.
.
2013-04-28 15:22 . 2013-04-28 15:22 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-28 15:14 . 2013-04-28 15:14 -------- d-----w- c:\program files\7-Zip
2013-04-28 09:56 . 2013-04-28 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\4shared Desktop
2013-04-28 09:56 . 2013-04-28 09:56 -------- d-----w- c:\program files\4shared Desktop
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\program files\Common Files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----r- c:\program files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2013-04-28 09:00 . 2013-04-28 09:00 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-28 08:59 . 2006-11-29 06:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-04-28 08:59 . 2013-04-28 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-28 08:58 . 2013-04-28 08:58 -------- d-----w- c:\program files\Microsoft
2013-04-28 08:57 . 2010-04-16 12:16 4927864 ----a-w- c:\program files\Common Files\Windows Live\.cache\65c82fbe1ce43ee\Silverlight.2.0.exe
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Caphyon
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-27 18:41 . 2013-04-27 18:41 -------- d-----w- c:\program files\spotflux
2013-04-25 09:47 . 2013-04-25 09:47 -------- d-----w- c:\windows\Sun
2013-04-25 09:13 . 2013-04-25 09:32 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-24 19:43 . 2013-04-24 19:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\program files\SRWare Iron
2013-04-24 18:17 . 2013-04-29 01:35 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-24 18:15 . 2013-04-24 18:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-24 18:14 . 2013-04-24 18:14 -------- d-----w- C:\RegBackup
2013-04-24 18:12 . 2013-04-24 18:12 -------- d-----w- c:\program files\Tweaking.com
2013-04-24 14:43 . 2013-04-24 14:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-04-24 14:32 . 2013-04-24 14:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-04-23 12:06 . 2013-04-23 12:07 -------- d-----w- c:\program files\Magical Jelly Bean
2013-04-23 10:05 . 2013-04-24 17:06 -------- d-----w- c:\windows\I386
2013-04-23 03:43 . 2001-08-16 23:53 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2013-04-23 03:42 . 2008-04-13 15:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys
2013-04-23 03:42 . 2001-08-16 22:20 297728 ----a-w- c:\windows\system32\dllcache\ac97sis.sys
2013-04-23 03:42 . 2001-08-16 22:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-04-23 03:42 . 2008-04-13 15:06 231552 ----a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-04-23 03:42 . 2001-08-16 23:52 23552 ----a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-04-23 03:42 . 2001-08-17 08:36 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
2013-04-23 03:42 . 2001-08-17 08:36 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-04-23 03:42 . 2001-08-17 00:55 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2013-04-23 03:42 . 2008-04-13 17:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2013-04-23 03:42 . 2008-04-13 17:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-04-23 03:42 . 2001-08-17 00:55 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-04-23 03:42 . 2001-08-16 22:48 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-04-23 03:39 . 2008-04-13 17:16 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2013-04-23 03:39 . 2001-08-17 00:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-04-23 03:39 . 2001-08-23 00:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-04-23 03:39 . 2001-08-17 00:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-04-23 03:39 . 2001-08-23 00:00 17408 ----a-w- c:\windows\system32\dllcache\nwapi16.dll
2013-04-23 03:39 . 2001-08-23 00:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-04-23 03:39 . 2001-08-23 00:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-04-23 03:39 . 2001-08-23 00:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-04-23 03:39 . 2001-08-23 00:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-04-23 03:39 . 2001-08-23 00:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-04-23 03:39 . 2001-08-23 00:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-04-23 03:24 . 2013-04-23 03:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2013-04-22 15:07 . 2013-04-28 18:09 -------- d-----w- c:\documents and settings\Indy
2013-04-22 14:04 . 2013-04-28 23:25 -------- d-----w- c:\documents and settings\Meow
2013-04-22 11:06 . 2013-04-22 11:18 -------- d-----w- c:\program files\Google
2013-04-22 10:45 . 2013-04-28 16:35 -------- d-----w- c:\documents and settings\JamSang
2013-04-21 22:03 . 2008-04-13 22:42 64000 ----a-w- c:\windows\system32\dllcache\nwapi32.dll
2013-04-21 22:03 . 2008-04-13 22:41 68608 ----a-w- c:\windows\system32\dllcache\isatq.dll
2013-04-21 22:03 . 2008-04-13 22:41 13312 ----a-w- c:\windows\system32\dllcache\infoadmn.dll
2013-04-21 22:03 . 2008-04-13 22:41 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2013-04-21 22:03 . 2008-04-13 22:41 64512 ----a-w- c:\windows\system32\dllcache\iismap.dll
2013-04-21 22:03 . 2008-04-13 22:42 30720 ----a-w- c:\windows\system32\dllcache\iisrstas.exe
2013-04-21 22:03 . 2008-04-13 22:41 133632 ----a-w- c:\windows\system32\dllcache\iisrtl.dll
2013-04-21 22:03 . 2008-04-13 22:41 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2013-04-21 22:03 . 2008-04-13 22:42 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2013-04-21 21:59 . 2013-04-21 21:59 -------- d-----w- c:\windows\EHome
2013-04-21 21:10 . 2013-04-21 21:10 -------- d-----w- c:\program files\Common Files\Java
2013-04-21 21:07 . 2013-04-21 21:07 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-21 21:07 . 2013-04-21 21:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-21 21:07 . 2013-04-21 21:07 -------- d-----w- c:\program files\Java
2013-04-21 19:08 . 2012-06-02 08:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-04-21 18:12 . 2013-04-21 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2013-04-21 17:19 . 2013-04-21 17:19 -------- d-----w- c:\windows\ie8updates
2013-04-21 17:09 . 2013-04-21 17:09 -------- d-----w- c:\program files\MSECache
2013-04-21 16:31 . 2013-04-21 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- c:\program files\Reference Assemblies
2013-04-21 16:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- C:\3012f4420958b0b678
2013-04-21 16:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-04-21 15:52 . 2013-03-02 02:06 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-21 15:52 . 2013-03-02 02:06 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-21 15:50 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-04-21 14:47 . 2013-04-22 14:48 -------- d-----w- c:\windows\$hf_mig$
2013-04-21 14:41 . 2012-06-02 08:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\dllcache\bthpan.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\dllcache\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\dllcache\bthenum.sys
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\irmon.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2013-04-19 22:00 . 2013-04-19 22:00 5073136 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
2013-04-19 22:00 . 2013-04-19 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Baidu Security
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\program files\Baidu Security
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\searchplugins
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\Extensions
2013-04-19 20:09 . 2013-04-19 20:09 -------- d-----w- c:\program files\Common Files\InstallShield
2013-04-19 19:13 . 2013-04-19 19:18 2126 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-04-19 19:13 . 2013-04-19 19:13 -------- d-----w- C:\VTRoot
2013-04-18 15:24 . 2013-04-28 23:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-18 15:22 . 2013-04-18 15:22 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-04-18 15:21 . 2013-04-18 15:21 -------- d-----w- c:\program files\COMODO
2013-04-18 15:21 . 2013-04-18 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-04-18 15:20 . 2013-04-18 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 19:58 . 2011-03-31 16:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2008-04-14 05:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 05:21 . 2013-03-07 05:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-03-07 01:32 . 2008-04-14 00:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-13 17:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2008-04-14 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:06 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:25 . 2008-04-14 01:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2009-11-16 10:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 00:26 12928 ------w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-29 121089]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 802304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-12-16 125952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/22/2012 5:20 PM 108448]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2/24/2013 7:12 AM 125952]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/22/2012 1:46 AM 144472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2/13/2013 3:38 PM 340096]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\drivers\tapSF0901.sys [3/7/2013 12:21 PM 33160]
S0 SMBALI;SMBALI;c:\windows\system32\drivers\smbali.sys [4/22/2013 5:00 AM 5888]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 7:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2012 1:46 AM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
S3 KNZECTIJ;KNZECTIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 11:18 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 19:58]
.
2013-04-29 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-29 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-29 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-29 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{0C0894DE-5483-43D7-9FB3-EA9A58CD62E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.myplaycity.com/
mWindow Title = Microsoft Internet Explorer
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {EB75A3EF-AF6A-4032-B840-D057A8442A0F} - hxxp://disk.vn/webhard/diskvn.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-29 08:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(560)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-04-29 08:59:09
ComboFix-quarantined-files.txt 2013-04-29 01:59
ComboFix2.txt 2013-04-28 11:14
ComboFix3.txt 2013-04-28 09:40
.
Pre-Run: 142,319,693,824 bytes free
Post-Run: 142,321,487,872 bytes free
.
- - End Of File - - 576FC094BE66AB567F5EE049675F1E35


#54
April 28, 2013 at 19:06:00
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 04/29/2013 09:05:04 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 58223 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 1171 files processed.

The C:\DOCUME~1\JamSang\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 04/29/2013 09:05:35 AM
Execution time: 0 hours(s), 0 minute(s), and 30 seconds(s)


#55
April 28, 2013 at 19:08:44
"Re-running the scans. I re-downloaded combofix. Here is the defogger/combofix report:"
That's clean.

What sort of comp is this?
Do you have the recovery disks?


#56
April 28, 2013 at 19:11:51
Post #54

That's also clean.


#57
April 28, 2013 at 19:13:17
SVOA Thailand company. No disks. I have one disk that has a few drivers on it and that is all.

Adware

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 09:09:00
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JamSang - JAMSANGBANG
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JamSang\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\JamSang\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Meow\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Indy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4173 octets] - [24/04/2013 22:00:50]
AdwCleaner[R2].txt - [868 octets] - [25/04/2013 00:59:37]
AdwCleaner[R3].txt - [1778 octets] - [29/04/2013 09:08:16]
AdwCleaner[S1].txt - [4348 octets] - [24/04/2013 22:02:20]
AdwCleaner[S2].txt - [1259 octets] - [25/04/2013 00:41:40]
AdwCleaner[S3].txt - [927 octets] - [25/04/2013 01:00:10]
AdwCleaner[S4].txt - [355 octets] - [29/04/2013 09:07:56]
AdwCleaner[S5].txt - [1715 octets] - [29/04/2013 09:09:00]

########## EOF - C:\AdwCleaner[S5].txt - [1775 octets] ##########


#58
April 28, 2013 at 19:16:59
RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JamSang [Admin rights]
Mode : Remove -- Date : 04/29/2013 09:16:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 0e5a150bcd3e5279cf69e919c0968348
[BSP] eed3b1b3e8bee6eecbe09b28dc4e4d31 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156249 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 319998736 | Size: 148993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_04292013_02d0916.txt >>
RKreport[1]_S_04282013_02d2223.txt ; RKreport[2]_D_04282013_02d2224.txt ; RKreport[3]_S_04292013_02d0915.txt ; RKreport[4]_D_04292013_02d0916.txt


#59
April 28, 2013 at 19:25:01
I'll do ESET now as you posted on the other feed.

#60
April 28, 2013 at 19:26:31
http://www.svoa.co.th

#61
April 28, 2013 at 19:30:53
Still not clean... I'm watching the scan and Win32/Toolbar.Babylon.E just popped up. I'll post the report when it wraps up... in about 45 minutes.

#62
April 28, 2013 at 19:33:09
Someone is not being careful installing programs; it is no longer a matter of click, click.

A lot of programs now give you the choice to install toolbars and other extras during the install. Either uncheck these items during install, or use Custom install.

Example post #57 > 4shared Tools


#63
April 28, 2013 at 19:37:18
I'm usually pretty careful with that and avoid all browser add-ons. I must have missed something there... BTW the Line download was from one of the safe sites that are out there. I will reload that later after svoa is deemed clean.

#64
April 28, 2013 at 19:42:39
Re svoa, I thought that was your abbreviation (nickname)
http://www.svoa.co.th/

See if the recovery disks are available.
download svoa recovery disks (I didn't know the model number)
http://is.gd/f4inQb


#65
April 28, 2013 at 19:56:16
Okay, I will check. This model is ISIS M745S C2D21000. Meanwhile... 7 total malware found. The new ones are variants of Win32/SoftonicDownloader.E.

#66
April 28, 2013 at 19:58:31
I meant to type IRIS not ISIS.

#67
April 28, 2013 at 20:09:24
Other keywords for a Google search.

svoa how to make recovery disks

http://is.gd/YHhi8A


#68
April 28, 2013 at 20:13:33
Not finding anything under those searches for the recovery disks.

#69
April 28, 2013 at 20:17:56
ESET:

C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{C46EA4F1-447B-4CE3-AEC8-F8DB1F41B874} a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc13.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc14.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc4.exe a variant of Win32/4Shared.C application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc6.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc7.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc8.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined


#70
April 28, 2013 at 20:23:45
Post #69

They are all fine; you probably haven't emptied the recycle bin or cleaned out your quarantined files.


#71
April 28, 2013 at 20:25:21
Now do scans with Comodo & Malwarebytes ( MBAM )

Quick scan is OK.


#72
April 28, 2013 at 20:28:54
Okay, I emptied recycle bin. Can I delete RK Quarantine folder on desktop? I have updated and am running Malwarebytes now.


#73
April 28, 2013 at 20:32:06
"Can I delete RK Quarantine folder on desktop?"
Yep, wait for MBAM to finish & delete anything that is quarantined.


#74
April 28, 2013 at 20:32:21
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JamSang :: JAMSANGBANG [administrator]

4/29/2013 10:27:43 AM
mbam-log-2013-04-29 (10-27-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267778
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#75
April 28, 2013 at 20:37:23
Zero found with Comodo. No txt file report generated for that one, I guess. I deleted the RK folder and emptied the recycle bin again.


#76
April 28, 2013 at 20:39:31
Please download and run ListParts by Farbar (for 32-bit systems):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Please Copy and Paste the contents into your reply.


#77
April 28, 2013 at 20:42:18
ListParts by Farbar Version: 27-04-2013
Ran by JamSang (administrator) on 29-04-2013 at 10:41:30
Windows XP (X86)
Running From: C:\Documents and Settings\JamSang\My Documents\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 73%
Total physical RAM: 765.1 MB
Available physical RAM: 199.48 MB
Total Pagefile: 1873.96 MB
Available Pagefile: 1233.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.64 MB

======================= Partitions =========================

1 Drive c: (XP-PRO) (Fixed) (Total:152.59 GB) (Free:133.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS

The disk management services could not complete the operation.

============================== MBR Partition Table ==================


****** End Of Log ******



#78
April 28, 2013 at 20:48:23
"2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS

The disk management services could not complete the operation"

Do you know what is on Drive 2?

Is it a partition or a separate drive?



#79
April 28, 2013 at 20:51:50
Games. Partition I believe... doubt this has two drives.


#80
April 28, 2013 at 20:55:01
Click on the D drive & have a look please.

A separate drive, if it has one, is a USB plug-in.



#81
April 28, 2013 at 21:01:45
D partition local drive
See attached screen capture of the folder for d.

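Whether D: is a second disk or a second partition, and whether the partition table is sane, can be read off numbers already in this thread: the TDSSKiller run in #93 prints the raw MBR entries (start LBA and block count, in hex) together with the disk size and the drive-letter mapping, and ListParts in #77 prints what Windows reports per volume (ListParts' own MBR section came back empty after the "disk management services could not complete the operation" error, so the scanner's read is the only table we have). The Python below is an added example, not output of either tool or code from this thread; it parses those lines, converts each entry to GiB (ListParts labels GiB as "GB", as Windows does), checks that the entries fit inside the disk without overlapping, and compares them to the ListParts totals. The sample input is copied from the two logs as posted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GIB = 1024 ** 3

# Constructed sample input: the disk, MBR and drive-letter lines copied from the
# TDSSKiller output in #93, and the two volume lines from ListParts in #77.
TDSS_LINES = r"""
13:43:24.0531 1940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:43:24.0578 1940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1312CAD0
13:43:24.0593 1940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1312CB4F, BlocksNum 0x12300B72
13:43:24.0640 1940 C: <-> \Device\Harddisk0\DR0\Partition1
13:43:24.0687 1940 D: <-> \Device\Harddisk0\DR0\Partition2
"""
LISTPARTS_LINES = """
1 Drive c: (XP-PRO) (Fixed) (Total:152.59 GB) (Free:133.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS
"""

DISK_RE = re.compile(
    r"Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-Fa-f]+)"
    r".*?SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)"
)
PART_RE = re.compile(
    r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<n>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)"
)
MAP_RE = re.compile(r"\b(?P<letter>[A-Z]): <-> (?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<n>\d+)")
LP_RE = re.compile(r"Drive (?P<letter>[A-Za-z]): .*?\(Total:(?P<total>[\d.]+) GB\)")


@dataclass
class Partition:
    disk: str
    number: int
    type_id: int          # 0x7 = NTFS/HPFS in an MBR table
    start_lba: int
    blocks: int
    letter: Optional[str] = None

    @property
    def end_lba(self) -> int:   # first sector after the partition
        return self.start_lba + self.blocks

    def size_gib(self, sector: int) -> float:
        return self.blocks * sector / GIB


Disks = Dict[str, Tuple[int, int]]  # device -> (size in bytes, sector size)


def parse_tdsskiller(text: str) -> Tuple[Disks, List[Partition]]:
    disks: Disks = {}
    parts: List[Partition] = []
    for line in text.splitlines():
        m = DISK_RE.search(line)
        if m:
            disks[m["dev"]] = (int(m["size"], 16), int(m["sector"], 16))
            continue
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(m["dev"], int(m["n"]), int(m["type"], 16),
                                   int(m["start"], 16), int(m["blocks"], 16)))
            continue
        m = MAP_RE.search(line)
        if m:  # attach the drive letter to the partition it maps to
            for p in parts:
                if p.disk == m["dev"] and p.number == int(m["n"]):
                    p.letter = m["letter"]
    return disks, parts


def parse_listparts(text: str) -> Dict[str, float]:
    """Drive letter -> total size as ListParts reports it (binary GB, i.e. GiB)."""
    found = (LP_RE.search(line) for line in text.splitlines())
    return {m["letter"].upper(): float(m["total"]) for m in found if m}


def layout_report(disks: Disks, parts: List[Partition], listparts: Dict[str, float],
                  tolerance_gib: float = 0.01) -> Dict[str, object]:
    """Consistency check of the MBR table against the disk size and the OS-reported volumes."""
    problems: List[str] = []
    gaps: List[int] = []
    unallocated: Dict[str, int] = {}
    for dev, (size_bytes, sector) in disks.items():
        disk_sectors = size_bytes // sector
        ps = sorted((p for p in parts if p.disk == dev), key=lambda p: p.start_lba)
        for p in ps:
            if p.end_lba > disk_sectors:
                problems.append(f"{dev} Partition{p.number} extends past the end of the disk")
            if p.letter in listparts and abs(p.size_gib(sector) - listparts[p.letter]) > tolerance_gib:
                problems.append(f"{p.letter}: MBR says {p.size_gib(sector):.2f} GiB, "
                                f"ListParts says {listparts[p.letter]} GB")
        for a, b in zip(ps, ps[1:]):
            if b.start_lba < a.end_lba:
                problems.append(f"{dev} Partition{a.number} and Partition{b.number} overlap")
            gaps.append(b.start_lba - a.end_lba)   # sectors between consecutive entries
        unallocated[dev] = disk_sectors - (ps[-1].end_lba if ps else 0)
    return {"problems": problems, "gaps_sectors": gaps, "unallocated_tail_sectors": unallocated}


if __name__ == "__main__":
    disks, parts = parse_tdsskiller(TDSS_LINES)
    for p in parts:
        print(f"{p.letter}: Partition{p.number} on {p.disk}, {p.size_gib(disks[p.disk][1]):.2f} GiB")
    print(layout_report(disks, parts, parse_listparts(LISTPARTS_LINES)))
```

Both letters map to `\Device\Harddisk0`, so D: is a second partition on the one disk, not a second drive; both MBR entries agree with the ListParts totals to within 0.01 GiB, with a 64-sector gap between the partitions and 5103 sectors after the last one. The arithmetic only shows the table is consistent with what Windows sees; whether anything sits in those unpartitioned sectors is a question for the rootkit scanner, not for this check.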

#82
April 28, 2013 at 21:13:54
Nice work.

"The disk management services could not complete the operation"

I think we have a problem with Windows Updates.

Let me have a look at what is available via Custom Updates. Don't do any updates yet.

Custom Updates.
http://img89.imageshack.us/img89/97...
http://blogs.conchango.com/marlondu...



#83
April 28, 2013 at 21:19:12
Windows Updates
I clicked on the link in the program menu and this window popped up. First time to see this.


#84
April 28, 2013 at 21:25:53
Update of the Windows Update process
BTW, when I first started looking at this laptop, this was one of the first things I noticed. Update was apparently never turned on. I had to download many, many updates.


#85
April 28, 2013 at 21:27:27
Windows update is telling me it has downloaded updates and is ready to install them...


#86
April 28, 2013 at 21:29:39
I didn't click update... express or custom.


#87
April 28, 2013 at 21:34:02
I was just doing SS's.

Post #82
Let me have a look at what is available via Custom Updates. Don't do any updates yet.



#88
April 28, 2013 at 21:42:18
Custom Updates Capture
Here is the capture I think you wanted.


#89
April 28, 2013 at 22:02:43
Thanks.
http://i.imgur.com/vPZeJKf.gif


#90
April 28, 2013 at 22:39:39
hardware scr cap
Here is the requested capture.


#91
April 28, 2013 at 23:07:48
Thanks, you can update that driver; it offers better security.

Still no answer for > "The disk management services could not complete the operation"



#92
April 28, 2013 at 23:08:43
Update & Run TDSSKiller again. Post the contents of the log. Delete anything in quarantine when finished.


#93
April 28, 2013 at 23:46:18

13:43:21.0140 1940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:43:22.0515 1940 ============================================================
13:43:22.0515 1940 Current date / time: 2013/04/29 13:43:22.0515
13:43:22.0515 1940 SystemInfo:
13:43:22.0515 1940
13:43:22.0515 1940 OS Version: 5.1.2600 ServicePack: 3.0
13:43:22.0515 1940 Product type: Workstation
13:43:22.0515 1940 ComputerName: JAMSANGBANG
13:43:22.0515 1940 UserName: JamSang
13:43:22.0515 1940 Windows directory: C:\WINDOWS
13:43:22.0515 1940 System windows directory: C:\WINDOWS
13:43:22.0515 1940 Processor architecture: Intel x86
13:43:22.0515 1940 Number of processors: 2
13:43:22.0515 1940 Page size: 0x1000
13:43:22.0515 1940 Boot type: Normal boot
13:43:22.0515 1940 ============================================================
13:43:24.0531 1940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:43:24.0578 1940 ============================================================
13:43:24.0578 1940 \Device\Harddisk0\DR0:
13:43:24.0578 1940 MBR partitions:
13:43:24.0578 1940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1312CAD0
13:43:24.0593 1940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1312CB4F, BlocksNum 0x12300B72
13:43:24.0593 1940 ============================================================
13:43:24.0640 1940 C: <-> \Device\Harddisk0\DR0\Partition1
13:43:24.0687 1940 D: <-> \Device\Harddisk0\DR0\Partition2
13:43:24.0718 1940 ============================================================
13:43:24.0718 1940 Initialize success
13:43:24.0718 1940 ============================================================
13:43:36.0296 3840 ============================================================
13:43:36.0296 3840 Scan started
13:43:36.0296 3840 Mode: Manual;
13:43:36.0296 3840 ============================================================
13:43:36.0578 3840 ================ Scan system memory ========================
13:43:36.0593 3840 System memory - ok
13:43:36.0593 3840 ================ Scan services =============================
13:43:36.0718 3840 Abiosdsk - ok
13:43:36.0781 3840 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:43:36.0781 3840 ACPI - ok
13:43:36.0796 3840 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:43:36.0796 3840 ACPIEC - ok
13:43:36.0875 3840 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:43:36.0906 3840 AdobeFlashPlayerUpdateSvc - ok
13:43:36.0953 3840 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:43:36.0984 3840 aec - ok
13:43:37.0031 3840 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:43:37.0171 3840 AegisP - ok
13:43:37.0218 3840 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:43:37.0234 3840 AFD - ok
13:43:37.0281 3840 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:43:37.0312 3840 Alerter - ok
13:43:37.0328 3840 AliIde - ok
13:43:37.0390 3840 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:43:37.0437 3840 Ambfilt - ok
13:43:37.0468 3840 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:43:37.0484 3840 AppMgmt - ok
13:43:37.0562 3840 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:43:37.0656 3840 aspnet_state - ok
13:43:37.0703 3840 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:43:37.0718 3840 AsyncMac - ok
13:43:37.0750 3840 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:43:37.0765 3840 atapi - ok
13:43:37.0796 3840 Atdisk - ok
13:43:37.0812 3840 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:43:37.0828 3840 Atmarpc - ok
13:43:37.0843 3840 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:43:37.0875 3840 AudioSrv - ok
13:43:37.0921 3840 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:43:37.0937 3840 audstub - ok
13:43:38.0000 3840 [ FE4ED785396EAA554C561992106A35FA ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:43:38.0062 3840 BCM43XX - ok
13:43:38.0093 3840 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:43:38.0109 3840 Beep - ok
13:43:38.0140 3840 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:43:38.0156 3840 BITS - ok
13:43:38.0203 3840 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:43:38.0203 3840 Browser - ok
13:43:38.0250 3840 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:43:38.0281 3840 BthEnum - ok
13:43:38.0312 3840 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:43:38.0343 3840 BthPan - ok
13:43:38.0406 3840 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
13:43:38.0421 3840 BTHPORT - ok
13:43:38.0468 3840 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
13:43:38.0484 3840 BthServ - ok
13:43:38.0515 3840 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:43:38.0531 3840 BTHUSB - ok
13:43:38.0609 3840 catchme - ok
13:43:38.0625 3840 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:43:38.0656 3840 CCDECODE - ok
13:43:38.0687 3840 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:43:38.0687 3840 Cdaudio - ok
13:43:38.0718 3840 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:43:38.0734 3840 Cdfs - ok
13:43:38.0765 3840 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:43:38.0781 3840 Cdrom - ok
13:43:38.0796 3840 Changer - ok
13:43:38.0828 3840 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:43:38.0828 3840 CiSvc - ok
13:43:38.0843 3840 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:43:38.0859 3840 ClipSrv - ok
13:43:38.0890 3840 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:43:38.0984 3840 clr_optimization_v2.0.50727_32 - ok
13:43:38.0984 3840 clwvd - ok
13:43:39.0031 3840 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:43:39.0046 3840 CmBatt - ok
13:43:39.0281 3840 [ D21DD5C3C4BF89D2722D25B7D11336D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:43:39.0406 3840 cmdAgent - ok
13:43:39.0453 3840 [ C934F6E30D8A10D34A652BCF3A5C35BD ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
13:43:39.0453 3840 cmderd - ok
13:43:39.0484 3840 [ 8CDA9C3A987A1CD3F971EB9B33AB1EB6 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
13:43:39.0484 3840 cmdGuard - ok
13:43:39.0515 3840 [ 9DD6E71613F26DDE12A0F007AECA760B ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
13:43:39.0640 3840 cmdHlp - ok
13:43:39.0671 3840 CmdIde - ok
13:43:39.0703 3840 [ C2C420573A006CDFB956443735C78A1B ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
13:43:39.0703 3840 cmdvirth - ok
13:43:39.0750 3840 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:43:39.0750 3840 Compbatt - ok
13:43:39.0765 3840 COMSysApp - ok
13:43:39.0828 3840 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:43:39.0843 3840 CryptSvc - ok
13:43:39.0875 3840 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:43:39.0890 3840 DcomLaunch - ok
13:43:39.0906 3840 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:43:39.0906 3840 Dhcp - ok
13:43:39.0953 3840 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:43:39.0953 3840 Disk - ok
13:43:39.0953 3840 dmadmin - ok
13:43:40.0000 3840 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:43:40.0015 3840 dmboot - ok
13:43:40.0046 3840 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:43:40.0062 3840 dmio - ok
13:43:40.0109 3840 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:43:40.0109 3840 dmload - ok
13:43:40.0140 3840 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:43:40.0140 3840 dmserver - ok
13:43:40.0171 3840 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:43:40.0203 3840 DMusic - ok
13:43:40.0234 3840 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:43:40.0234 3840 Dnscache - ok
13:43:40.0281 3840 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:43:40.0281 3840 Dot3svc - ok
13:43:40.0296 3840 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:43:40.0296 3840 drmkaud - ok
13:43:40.0343 3840 [ 6CA101F9AA3D845BA31F6E13C01301A8 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:43:40.0359 3840 E100B - ok
13:43:40.0390 3840 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:43:40.0406 3840 EapHost - ok
13:43:40.0406 3840 ERSvc - ok
13:43:40.0453 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:43:40.0453 3840 Eventlog - ok
13:43:40.0500 3840 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:43:40.0515 3840 EventSystem - ok
13:43:40.0546 3840 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:43:40.0546 3840 Fastfat - ok
13:43:40.0578 3840 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:43:40.0593 3840 FastUserSwitchingCompatibility - ok
13:43:40.0609 3840 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:43:40.0625 3840 Fdc - ok
13:43:40.0640 3840 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:43:40.0656 3840 Fips - ok
13:43:40.0656 3840 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:43:40.0671 3840 Flpydisk - ok
13:43:40.0718 3840 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:43:40.0718 3840 FltMgr - ok
13:43:40.0812 3840 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:43:40.0843 3840 FontCache3.0.0.0 - ok


#94
April 28, 2013 at 23:46:54
13:43:40.0890 3840 [ 455F778EE14368468560BD7CB8C854D0 ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys
13:43:40.0906 3840 FsVga - ok
13:43:40.0953 3840 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:43:40.0953 3840 Fs_Rec - ok
13:43:41.0000 3840 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:43:41.0000 3840 Ftdisk - ok
13:43:41.0031 3840 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:43:41.0046 3840 Gpc - ok
13:43:41.0125 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:43:41.0125 3840 gupdate - ok
13:43:41.0140 3840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:43:41.0140 3840 gupdatem - ok
13:43:41.0203 3840 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:43:41.0218 3840 HDAudBus - ok
13:43:41.0296 3840 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:43:41.0296 3840 helpsvc - ok
13:43:41.0328 3840 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:43:41.0343 3840 HidServ - ok
13:43:41.0375 3840 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:43:41.0390 3840 hidusb - ok
13:43:41.0421 3840 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:43:41.0421 3840 hkmsvc - ok
13:43:41.0453 3840 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:43:41.0468 3840 HTTP - ok
13:43:41.0515 3840 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:43:41.0515 3840 HTTPFilter - ok
13:43:41.0546 3840 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\DRIVERS\i2omgmt.sys
13:43:41.0562 3840 i2omgmt - ok
13:43:41.0609 3840 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:43:41.0656 3840 i8042prt - ok
13:43:41.0703 3840 [ 2362971B61DC6D8CEA74B0FB2AF7EDF1 ] IDMTDI C:\WINDOWS\system32\DRIVERS\idmtdi.sys
13:43:41.0718 3840 IDMTDI - ok
13:43:41.0812 3840 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:43:41.0843 3840 idsvc - ok
13:43:41.0890 3840 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:43:41.0890 3840 Imapi - ok
13:43:41.0937 3840 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:43:41.0937 3840 ImapiService - ok
13:43:41.0984 3840 [ 17C67D4FFD7217BC851969C550131108 ] Inport C:\WINDOWS\system32\drivers\inport.sys
13:43:42.0000 3840 Inport - ok
13:43:42.0031 3840 [ 31289DE45E75C0FD4A2CD6D9F4031078 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
13:43:42.0031 3840 Inspect - ok
13:43:42.0203 3840 [ 4517FD80B6D734D99AC4B1578443D1D9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:43:42.0421 3840 IntcAzAudAddService - ok
13:43:42.0437 3840 IntelIde - ok
13:43:42.0500 3840 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:43:42.0515 3840 intelppm - ok
13:43:42.0562 3840 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:43:42.0578 3840 Ip6Fw - ok
13:43:42.0593 3840 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:43:42.0609 3840 IpFilterDriver - ok
13:43:42.0625 3840 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:43:42.0625 3840 IpInIp - ok
13:43:42.0656 3840 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:43:42.0656 3840 IpNat - ok
13:43:42.0671 3840 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:43:42.0687 3840 IPSec - ok
13:43:42.0718 3840 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:43:42.0718 3840 IRENUM - ok
13:43:42.0765 3840 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:43:42.0765 3840 isapnp - ok
13:43:42.0781 3840 [ A88B0B23403DDB2B1B19AEB8AAFDFCEE ] ITECIR C:\WINDOWS\system32\DRIVERS\ITECIR.sys
13:43:42.0906 3840 ITECIR - ok
13:43:42.0953 3840 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:43:42.0968 3840 JavaQuickStarterService - ok
13:43:43.0015 3840 [ 5C2F34F60AAEC9DB4DAA973915CBAEDC ] JMCR C:\WINDOWS\system32\DRIVERS\jmcr.sys
13:43:43.0203 3840 JMCR - ok
13:43:43.0234 3840 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:43:43.0265 3840 Kbdclass - ok
13:43:43.0312 3840 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:43:43.0343 3840 kbdhid - ok
13:43:43.0390 3840 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:43:43.0390 3840 kmixer - ok
13:43:43.0437 3840 KNZECTIJ - ok
13:43:43.0484 3840 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:43:43.0484 3840 KSecDD - ok
13:43:43.0515 3840 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:43:43.0515 3840 lanmanserver - ok
13:43:43.0546 3840 [ A8888A5327621856C0CEC4E385F69309 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:43:43.0562 3840 LanmanWorkstation - ok
13:43:43.0562 3840 lbrtfdc - ok
13:43:43.0625 3840 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:43:43.0640 3840 LmHosts - ok
13:43:43.0734 3840 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:43:43.0750 3840 Microsoft Office Groove Audit Service - ok
13:43:43.0781 3840 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:43:43.0781 3840 Modem - ok
13:43:43.0875 3840 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:43:43.0906 3840 Monfilt - ok
13:43:43.0937 3840 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:43:43.0953 3840 Mouclass - ok
13:43:43.0968 3840 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:43:43.0968 3840 mouhid - ok
13:43:44.0015 3840 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:43:44.0031 3840 MountMgr - ok
13:43:44.0078 3840 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:43:44.0156 3840 MRxDAV - ok
13:43:44.0296 3840 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:43:44.0359 3840 MRxSmb - ok
13:43:44.0406 3840 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:43:44.0421 3840 MSDTC - ok
13:43:44.0515 3840 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:43:44.0515 3840 Msfs - ok
13:43:44.0656 3840 [ 25EDED99A5644E1CB3DE28B27B760CCB ] MsgPlusService C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
13:43:44.0750 3840 MsgPlusService - ok
13:43:44.0781 3840 MSIServer - ok
13:43:44.0843 3840 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:43:44.0890 3840 MSKSSRV - ok
13:43:44.0921 3840 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:43:44.0937 3840 MSPCLOCK - ok
13:43:44.0968 3840 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:43:44.0984 3840 MSPQM - ok
13:43:45.0031 3840 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:43:45.0046 3840 mssmbios - ok
13:43:45.0125 3840 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:43:45.0125 3840 MSTEE - ok
13:43:45.0203 3840 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:43:45.0218 3840 Mup - ok
13:43:45.0250 3840 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:43:45.0312 3840 NABTSFEC - ok
13:43:45.0359 3840 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:43:45.0421 3840 napagent - ok
13:43:45.0562 3840 [ 7DB7924793B9BD0EC991AD321664C486 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:43:45.0906 3840 NBService - ok
13:43:46.0000 3840 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:43:46.0015 3840 NDIS - ok
13:43:46.0046 3840 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:43:46.0062 3840 NdisIP - ok
13:43:46.0125 3840 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:43:46.0125 3840 NdisTapi - ok
13:43:46.0203 3840 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:43:46.0203 3840 Ndisuio - ok
13:43:46.0218 3840 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:43:46.0281 3840 NdisWan - ok
13:43:46.0328 3840 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:43:46.0359 3840 NDProxy - ok
13:43:46.0406 3840 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:43:46.0421 3840 NetBIOS - ok
13:43:46.0468 3840 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:43:46.0515 3840 NetBT - ok
13:43:46.0609 3840 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:43:46.0656 3840 NetDDE - ok
13:43:46.0671 3840 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:43:46.0671 3840 NetDDEdsdm - ok
13:43:46.0718 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:43:46.0734 3840 Netlogon - ok
13:43:46.0843 3840 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:43:46.0859 3840 Netman - ok
13:43:46.0937 3840 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:43:46.0968 3840 NetTcpPortSharing - ok
13:43:47.0015 3840 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:43:47.0015 3840 Nla - ok
13:43:47.0093 3840 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:43:47.0093 3840 Npfs - ok
13:43:47.0125 3840 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:43:47.0140 3840 Ntfs - ok
13:43:47.0171 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:43:47.0171 3840 NtLmSsp - ok
13:43:47.0203 3840 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:43:47.0218 3840 NtmsSvc - ok
13:43:47.0281 3840 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:43:47.0312 3840 Null - ok
13:43:47.0328 3840 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:43:47.0343 3840 NwlnkFlt - ok
13:43:47.0359 3840 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:43:47.0375 3840 NwlnkFwd - ok
13:43:47.0406 3840 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
13:43:47.0437 3840 NwlnkIpx - ok
13:43:47.0468 3840 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
13:43:47.0484 3840 NwlnkNb - ok
13:43:47.0500 3840 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
13:43:47.0531 3840 NwlnkSpx - ok
13:43:47.0687 3840 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:43:47.0765 3840 odserv - ok
13:43:47.0796 3840 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:43:47.0843 3840 ose - ok
13:43:47.0937 3840 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:43:47.0937 3840 Parport - ok
13:43:47.0968 3840 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:43:47.0968 3840 PartMgr - ok
13:43:48.0000 3840 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:43:48.0000 3840 ParVdm - ok
13:43:48.0031 3840 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:43:48.0031 3840 PCI - ok
13:43:48.0031 3840 PCIDump - ok
13:43:48.0093 3840 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:43:48.0093 3840 PCIIde - ok
13:43:48.0109 3840 PDCOMP - ok
13:43:48.0125 3840 PDFRAME - ok
13:43:48.0140 3840 PDRELI - ok
13:43:48.0156 3840 PDRFRAME - ok
13:43:48.0218 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:43:48.0218 3840 PlugPlay - ok
13:43:48.0234 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:43:48.0234 3840 PolicyAgent - ok
13:43:48.0281 3840 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:43:48.0296 3840 PptpMiniport - ok
13:43:48.0328 3840 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:43:48.0328 3840 Processor - ok
13:43:48.0343 3840 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:43:48.0343 3840 ProtectedStorage - ok
13:43:48.0390 3840 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:43:48.0406 3840 Ptilink - ok
13:43:48.0421 3840 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:43:48.0437 3840 RasAcd - ok
13:43:48.0453 3840 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:43:48.0468 3840 RasAuto - ok
13:43:48.0500 3840 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:43:48.0515 3840 Rasl2tp - ok
13:43:48.0531 3840 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:43:48.0531 3840 RasMan - ok


#95
April 28, 2013 at 23:47:21
13:43:53.0968 3840 ================ Scan global ===============================
13:43:54.0000 3840 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:43:54.0031 3840 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:43:54.0046 3840 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:43:54.0078 3840 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:43:54.0078 3840 [Global] - ok
13:43:54.0078 3840 ================ Scan MBR ==================================
13:43:54.0093 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:43:54.0265 3840 \Device\Harddisk0\DR0 - ok
13:43:54.0265 3840 ================ Scan VBR ==================================
13:43:54.0265 3840 [ 735EF57E1F455043D14D3DEF56679F44 ] \Device\Harddisk0\DR0\Partition1
13:43:54.0265 3840 \Device\Harddisk0\DR0\Partition1 - ok
13:43:54.0296 3840 [ A1C94512EAD156266D1B3E71FD53C376 ] \Device\Harddisk0\DR0\Partition2
13:43:54.0296 3840 \Device\Harddisk0\DR0\Partition2 - ok
13:43:54.0296 3840 ============================================================
13:43:54.0296 3840 Scan finished
13:43:54.0296 3840 ============================================================
13:43:54.0328 1692 Detected object count: 0
13:43:54.0328 1692 Actual detected object count: 0


#96
April 28, 2013 at 23:59:01
#93/#94/#95
Clean.

Listparts
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts, and this time put it on the root of the C drive (start => My Computer => C drive). Run ListParts and post the log.
Reboot
Run ListParts and post the log.



#97
April 29, 2013 at 00:03:40
You want me to download the file to the root drive c: correct?


#98
April 29, 2013 at 00:05:44
"You want me to download the file to the root drive c: correct?"
Correct


#99
April 29, 2013 at 00:12:20
No messages after the reboot. Here is List:

ListParts by Farbar Version: 27-04-2013
Ran by JamSang (administrator) on 29-04-2013 at 14:11:51
Windows XP (X86)
Running From: C:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 92%
Total physical RAM: 765.1 MB
Available physical RAM: 59.77 MB
Total Pagefile: 1873.96 MB
Available Pagefile: 1033.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.14 MB

======================= Partitions =========================

1 Drive c: (XP-PRO) (Fixed) (Total:152.59 GB) (Free:133.37 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 153 GB 32 KB
Partition 2 Extended 146 GB 153 GB
Partition 3 Logical 146 GB 153 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C XP-PRO NTFS Partition 153 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 146 GB Healthy
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: F0B1EBB0
Partition 1: (Active) - (Size=153 GB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=OF) (Extended)


****** End Of Log ******



#100
April 29, 2013 at 00:16:54
Perfect, no hidden or suspicious infected partitions.

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#101
April 29, 2013 at 00:19:47
Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
COMODO Antivirus
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Google Chrome 26.0.1410.64
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Comodo Firewall cmdagent.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]
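The checkup.txt output above follows a fixed layout, so it can be triaged by script. This is an added Python example, not part of the thread or of the Security Check tool: it strips the BBCode the tool emits, splits the log into its sections, and flags an antivirus whose on-access scanning the log reports as disabled, since current signatures only help while real-time scanning is on. The "out of date" wording checked for is an assumption about the tool's phrasing.

```python
"""Triage a screen317 Security Check log (checkup.txt).

Added example, not part of the thread: SAMPLE_LOG is the log pasted in
post #101, embedded here as a constructed string so the script runs offline.
"""
import re

SAMPLE_LOG = """Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
COMODO Antivirus
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Google Chrome 26.0.1410.64
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Comodo Firewall cmdagent.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]
"""

BBCODE = re.compile(r"\[/?[bu]\]")  # the tool emits forum markup; strip it


def parse_security_check(text):
    """Split the log into {section name: [lines]}, BBCode and backticks removed."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = BBCODE.sub("", raw).strip()
        if not line:
            continue
        if line.startswith("`"):  # a ````Section name:```` heading line
            current = line.strip("`").rstrip(":").strip()
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, message) findings a technician should act on."""
    sections = parse_security_check(text)
    findings = []
    av = sections.get("Antivirus/Firewall Check", [])
    if not any(entry.startswith("Windows Firewall Enabled") for entry in av):
        findings.append(("HIGH", "Windows Firewall is not reported as enabled"))
    for entry in av:
        m = re.search(r"On Access scanning (\w+)", entry)
        if m and m.group(1).lower() == "disabled":
            findings.append(("HIGH", "antivirus on-access scanning is disabled: "
                             "up-to-date signatures protect nothing while it is off"))
        if "out of date" in entry.lower():  # wording assumed, not taken from the page
            findings.append(("MEDIUM", "antivirus signatures are reported out of date"))
    if "End of Log" not in sections:
        findings.append(("LOW", "log is truncated (no End of Log marker)"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```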


#102
April 29, 2013 at 00:26:06
Do you want me to run that with comodo on?


#103
April 29, 2013 at 00:33:08
"Do you want me to run that with comodo on?"
That was Ok, got the result I wanted, everything is up to date.

Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



#104
April 29, 2013 at 00:40:28
Done and rebooted with no messages or issues.


#105
April 29, 2013 at 00:41:49
Beautiful.

System Restore will have infected files in it; turning System Restore OFF & then ON will remove them.
Windows XP
http://support.microsoft.com/kb/310...



#106
April 29, 2013 at 00:45:02
That webpage has nothing on it. I went to system and clicked on system restore. I clicked the turn off system restore on all drives box. I hit apply and then close. I reopened and unclicked the box and hit apply and then close. Good?


#107
April 29, 2013 at 00:47:53
Forgot to say.

Start > My Computer > right click & select Properties.
Select System Restore & untick > Turn off System Restore on all drives ( If partitioned or more than one drive installed )
Select the drive with the operating system on, click Settings & set it on Min.
Any other drive or partition, click Settings & tick > Turn off System Restore on this drive.
http://img858.imageshack.us/g/syste...



#108
April 29, 2013 at 00:51:17
Okay... I did that.


#109
April 29, 2013 at 00:52:33
"That webpage has nothing on it"
Does for me; we may have some repairing to do.

Try this first.

Run Chkdsk (chkdsk /p /r) again.

Obtaining CHKDSK Results ( log file )
http://www.cpucare.net/OS/XP/Viewin...
How to get to Event Viewer.
In Windows XP there are four ways to get to event viewer.
Start > Control Panel > Administrative Tools > Event Viewer.
Right click > My Computer > Manage > Event Viewer.
Start > Run > Eventvwr.
Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.
Obtaining CHKDSK Results
Once Event Viewer is open, select Application.
The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.
Or,
Go to Start > Run and copy/paste >
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
Press OK. A command window will open, and a check of your disk will run. When that finishes, it will create a checkhd.txt log on your desktop. The check disk will take a while to run, so please be patient.



#110
April 29, 2013 at 00:55:20
To run chkdsk I can do the command in the cmd window, right? Or do I have to go into Windows repair to launch it?


#111
April 29, 2013 at 00:59:29
BTW when I clicked on the link it was this link: http://www.recipester.org/Recipe:Di...

Now it is this link: http://support.microsoft.com/kb/310...



#112
April 29, 2013 at 01:05:02
"BTW when I clicked on the link it was this link"
That was me, realized straight away I had put the wrong link & did an edit. Sorry.


#113
April 29, 2013 at 01:08:32
Continue with Chkdsk, that was my final test.

"To run chkdsk I can do the command in the cmd window, right?"
Yep. Same way as in post #8



#114
April 29, 2013 at 01:09:30
When I put in chkdsk /p /r it said that it was not correct. Should it be chkdsk c: /p /r??


#115
April 29, 2013 at 01:17:23
"Should it be chkdsk c: /p /r ??"
I've never used that command. Because you said it in posts #8 & #9, I suggested it again, so you would be comfortable with it.

Do you want other ways?



#116
April 29, 2013 at 01:20:27
Ahhh okay. Yeah, I found the Windows doc I read before and remembered it has to be run from the Recovery Console. I am running it now.


#117
April 29, 2013 at 02:04:57
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 4/29/2013
Time: 4:01:48 PM
User: N/A
Computer: JAMSANGBANG
Description:
Checking file system on \DosDevices\C:
The type of the file system is NTFS.
Volume label is XP-PRO.
Cleaning up minor inconsistencies on the drive.
Cleaning up 124 unused index entries from index $SII of file 0x9.
Cleaning up 124 unused index entries from index $SDH of file 0x9.
Cleaning up 124 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

159999335 KB total disk space.
18578164 KB in 52141 files.
16460 KB in 5370 indexes.
0 KB in bad sectors.
204479 KB in use by the system.
65536 KB occupied by the log file.
141200232 KB available on disk.

4096 bytes in each allocation unit.
39999833 total allocation units on disk.
35300058 allocation units available on disk.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...
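The Winlogon event 1001 text above is what the Event Viewer and the cmd redirect in post #109 both hand you, and its figures can be checked mechanically. This is an added Python example, not from the thread: it pulls the KB and cluster figures out of the event text, confirms from the presence of stages 4 and 5 that the /r surface scan ran, counts the repairs, cross-checks the KB totals against the cluster counts, and reports the volume healthy only when no bad sectors were found.

```python
"""Parse the CHKDSK summary that Windows XP records as Winlogon event 1001.

Added example, not part of the thread: SAMPLE_EVENT is the event text from
post #117, embedded here as a constructed string so the script runs offline.
"""
import re

SAMPLE_EVENT = r"""Checking file system on \DosDevices\C:
The type of the file system is NTFS.
Volume label is XP-PRO.
Cleaning up minor inconsistencies on the drive.
Cleaning up 124 unused index entries from index $SII of file 0x9.
Cleaning up 124 unused index entries from index $SDH of file 0x9.
Cleaning up 124 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
159999335 KB total disk space.
18578164 KB in 52141 files.
16460 KB in 5370 indexes.
0 KB in bad sectors.
204479 KB in use by the system.
65536 KB occupied by the log file.
141200232 KB available on disk.
4096 bytes in each allocation unit.
39999833 total allocation units on disk.
35300058 allocation units available on disk.
"""

# One regex per figure of interest; the key is the name used in the result.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "bad_sectors_kb": r"(\d+) KB in bad sectors",
    "available_kb": r"(\d+) KB available on disk",
    "allocation_unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "available_units": r"(\d+) allocation units available on disk",
}


def parse_chkdsk_event(text):
    """Return the numeric figures as a dict; a figure the text lacks is absent."""
    stats = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m:
            stats[key] = int(m.group(1))
    return stats


def assess(text):
    """Summarise what the event says about the volume's health."""
    s = parse_chkdsk_event(text)
    unit_kb = s["allocation_unit_bytes"] // 1024
    # Stages 4 and 5 (file data / free space verification) only run with /r,
    # so seeing them confirms the surface scan actually took place.
    surface_scan = "stage 5 of 5" in text
    # Each "Cleaning up N ..." line is a repair CHKDSK made.
    repairs = len(re.findall(r"^Cleaning up \d+", text, re.MULTILINE))
    # Cross-check KB figures against cluster counts: available space should
    # match exactly, the total may differ by less than one cluster.
    sizes_consistent = (
        s["available_kb"] == s["available_units"] * unit_kb
        and abs(s["total_kb"] - s["total_units"] * unit_kb) < unit_kb
    )
    return {
        "surface_scan": surface_scan,
        "bad_sectors_kb": s["bad_sectors_kb"],
        "repairs": repairs,
        "sizes_consistent": sizes_consistent,
        "free_percent": 100.0 * s["available_kb"] / s["total_kb"],
        "healthy": surface_scan and s["bad_sectors_kb"] == 0 and sizes_consistent,
    }
```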



#118
April 29, 2013 at 02:14:34
Very good result.

Forgot these, I use them on every comp I work on. Use on both comps.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...



#119
April 29, 2013 at 02:25:02
Okay, I did that on the XP. I'll do mine later.


#120
April 29, 2013 at 02:33:09
Okay, I can turn on windows updates again?


#121
April 29, 2013 at 02:34:06
✔ Best Answer
All being well it should now be flying, almost like a clean install.

Finally.

"I clicked on the link in the program menu and this window popped up. First time to see this"
If Internet Explorer has any glitches, use this & check > Repair Internet Explorer
Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...



#122
April 29, 2013 at 02:37:11
"Okay, I can turn on windows updates again?"
Yep & uninstall Combofix.


#123
April 29, 2013 at 02:37:21
And I'll download LINE again from one of the sites you suggested.


#124
April 29, 2013 at 02:45:47
Also, I just noticed a file called iMesh in the downloads. I know I did not download that program, so the owner must have done that. Is there a safe version of iMesh out there?


#125
April 29, 2013 at 02:56:22
Okay, LINE downloaded and installed. Let me know if you know about iMesh.


#126
April 29, 2013 at 06:18:07
"Let me know if you know about iMesh"
Sorry, don't know anything about iMesh.


#127
April 30, 2013 at 03:49:50
Okay thanks. I'll check around.

